RSS   Vulnerabilities for 'Neuvector'   RSS

2019-12-20
 
CVE-2019-19747

CWE-521
 

 
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).

 


Copyright 2024, cxsecurity.com

 

Back to Top