Greetings

Matthew Daley reported a Null byte poisoning issue with LDAP authentication affecting MantisBT <= 1.2.17.

A malicious user can exploit this vulnerability to login as any registered user and without knowing their password, to systems relying on LDAP for user authentication (e.g. Active Directory or OpenLDAP with "allow bind_anon_cred").

Patches are available in [1]; full details on the original issue report can be found at [2].

Can you please assign a CVE ID to this issue?

Thank you

D. Regad
MantisBT Developer
http://mantisbt.org/

[1] http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
    http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
[2] http://www.mantisbt.org/bugs/view.php?id=17640
CVE-2014-6387 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6387): gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
This is fixed in version: 1.2.18 http://www.mantisbt.org/bugs/view.php?id=17640
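The null-byte case from the CVE description above, as an added PHP example that is not MantisBT's code or its patch: a bind wrapper that refuses empty and NUL-containing passwords, compared against a direct bind. All function names, the DN and the stored password are constructed, and the truncation at the first NUL byte is an assumption about how the LDAP client hands the password to the server.

```php
<?php
declare(strict_types=1);

// Added example, not MantisBT code. All function names are hypothetical.

// Assumption: the LDAP client passes the password on as a NUL-terminated
// C string, so the server receives only the bytes before the first NUL.
function as_c_string(string $s): string
{
    $pos = strpos($s, "\0");
    return $pos === false ? $s : substr($s, 0, $pos);
}

// Constructed stand-in for a directory that accepts unauthenticated binds
// (valid DN plus empty password), as in the configurations named above.
function fake_directory_bind(string $dn, string $password): bool
{
    $stored = ['uid=alice,dc=example,dc=org' => 'correct horse'];
    if (!isset($stored[$dn])) {
        return false;
    }
    $received = as_c_string($password);
    return $received === '' || hash_equals($stored[$dn], $received);
}

// Hardened wrapper: refuse to bind when the password is empty or contains
// a NUL byte, so an unauthenticated bind can never count as a login.
function authenticate(callable $bind, string $dn, string $password): bool
{
    if ($dn === '' || $password === '' || strpos($password, "\0") !== false) {
        return false;
    }
    return $bind($dn, $password);
}

$dn = 'uid=alice,dc=example,dc=org';
$cases = [
    'correct password' => 'correct horse',
    'wrong password'   => 'wrong',
    'empty password'   => '',
    'leading NUL byte' => "\0wrong",
];
foreach ($cases as $label => $pw) {
    printf(
        "%-17s direct bind: %-5s hardened: %s\n",
        $label,
        var_export(fake_directory_bind($dn, $pw), true),
        var_export(authenticate('fake_directory_bind', $dn, $pw), true)
    );
}
```

The same check belongs in front of any real `ldap_bind()` call, independent of whether request input has already been filtered for NUL bytes.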
Multiple vulnerabilities spread across 9 different bugs. No movement from maintainers in over a year.
Package removed