MantisBT Null byte poisoning in LDAP authentication

2014.09.14

Credit: Damien

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2014-6387

CWE: CWE-287

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Greetings
Matthew Daley reported a Null byte poisoning issue with LDAP
authentication affecting MantisBT <= 1.2.17.
A malicious user can exploit this vulnerability to login as any
registered user and without knowing their password, to systems relying
on LDAP for user authentication (e.g. Active Directory or OpenLDAP with
"allow bind_anon_cred").
Patches are available in [1]; full details on the original issue report
can be found at [2]. Can you please assign a CVE ID to this issue ?
Thank you
D. Regad
MantisBT Developer
http://mantisbt.org/
[1] http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
[2] http://www.mantisbt.org/bugs/view.php?id=17640

References:

http://github.com/mantisbt/mantisbt/commit/fc02c46ee

(master branch)

http://github.com/mantisbt/mantisbt/commit/215968fa8

(1.2.x branch)

http://www.mantisbt.org/bugs/view.php?id=17640

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

MantisBT Null byte poisoning in LDAP authentication

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.