mend-for-github-combot changed the title from "CVE-2017-14623 (High) detected in gogs-v0.11.66" to "CVE-2017-14623 (Medium) detected in gopkg.in/ldap.v2-v2.5.1, gogsv0.11.66" on Apr 21, 2021
mend-for-github-combot changed the title from "CVE-2017-14623 (Medium) detected in gopkg.in/ldap.v2-v2.5.1, gogsv0.11.66" to "CVE-2017-14623 (High) detected in github.com/go-ldap/ldap-v2.5.1, gogsv0.11.66" on Jan 12, 2022
mend-for-github-combot changed the title from "CVE-2017-14623 (High) detected in github.com/go-ldap/ldap-v2.5.1, gogsv0.11.66" to "CVE-2017-14623 (High) detected in gopkg.in/LDAP.v2-v2.5.1, gogsv0.11.66" on Sep 12, 2022
mend-for-github-combot changed the title from "CVE-2017-14623 (High) detected in gopkg.in/LDAP.v2-v2.5.1, gogsv0.11.66" to "CVE-2017-14623 (Medium) detected in gopkg.in/LDAP.v2-v2.5.1, gogsv0.11.66" on Oct 16, 2022
mend-for-github-combot changed the title from "CVE-2017-14623 (Medium) detected in gopkg.in/LDAP.v2-v2.5.1, gogsv0.11.66" to "CVE-2017-14623 (High) detected in gogsv0.11.66" on Feb 21, 2023
CVE-2017-14623 - High Severity Vulnerability
Vulnerable Library - gogsv0.11.66
Gogs is a painless self-hosted Git service.
Library home page: https://github.com/gogs/gogs.git
Found in HEAD commit: 31ed5b62067a79555c5aa53bea9b583a97f978a1
Vulnerable Source Files (1)
/vendor/gopkg.in/ldap.v2/bind.go
Vulnerability Details
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to log in with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
Publish Date: 2017-09-20
URL: CVE-2017-14623
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14623
Release Date: 2017-09-20
Fix Resolution: v3