Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2007-3193

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

Related bugs and status

CVE-2007-3193 (Candidate) is related to these bugs:

Bug #138614: Please sync phpwiki (universe) from Debian unstable (main)

Summary				In	Importance	Status
	138614	Please sync phpwiki (universe) from Debian unstable (main)		phpwiki (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://sourceforge.net...
SECUNIA: 25595
DEBIAN: DSA-1371
SECUNIA: 26784
GENTOO: GLSA-200709-10
SECUNIA: 26880
VUPEN: ADV-2007-2144
OSVDB: 37219
MISC: http://sourceforge.net...
XF: phpwiki-ldap-security-...