lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |