Description
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
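The following added example (not Cherokee's code and not part of the original advisory) shows why a successful bind alone is not proof of identity, with the flawed pattern beside a hardened check. The function names, result codes, sample DN and password, and the mock directory are all constructed for illustration; the mock stands in for a server that accepts RFC 4513 unauthenticated binds.

```c
#include <stddef.h>
#include <string.h>

/* Result codes for this example (hypothetical names, not Cherokee's). */
enum auth_result { AUTH_OK = 0, AUTH_DENIED = 1 };

/* Shape of a simple-bind call: returns 0 on success, like LDAP_SUCCESS. */
typedef int (*bind_fn)(const char *dn, const char *password);

/* Constructed stand-in for a directory server. Per RFC 4513 section 5.1.2,
 * a simple bind with a DN and a zero-length password is an "unauthenticated
 * bind", which a server may answer with success without verifying anything. */
static int mock_simple_bind(const char *dn, const char *password)
{
    if (password == NULL || password[0] == '\0')
        return 0;                       /* unauthenticated bind: "success" */
    if (dn != NULL && strcmp(dn, "uid=alice,dc=example,dc=org") == 0 &&
        strcmp(password, "correct horse") == 0)
        return 0;                       /* real credential check passed */
    return 49;                          /* LDAP_INVALID_CREDENTIALS */
}

/* Flawed pattern: bind success is taken as proof of identity. */
enum auth_result check_naive(bind_fn bind, const char *dn, const char *pw)
{
    return bind(dn, pw) == 0 ? AUTH_OK : AUTH_DENIED;
}

/* Hardened: refuse an empty DN or password before contacting the directory. */
enum auth_result check_hardened(bind_fn bind, const char *dn, const char *pw)
{
    if (dn == NULL || dn[0] == '\0' || pw == NULL || pw[0] == '\0')
        return AUTH_DENIED;
    return bind(dn, pw) == 0 ? AUTH_OK : AUTH_DENIED;
}

int main(void)
{
    const char *dn = "uid=alice,dc=example,dc=org";   /* constructed sample */
    /* Exit 0 only if the naive check accepts "" and the hardened one rejects it. */
    return (check_naive(mock_simple_bind, dn, "") == AUTH_OK &&
            check_hardened(mock_simple_bind, dn, "") == AUTH_DENIED) ? 0 : 1;
}
```

Rejecting the empty password in the application is needed even when the directory is configured to refuse unauthenticated binds, since the validator cannot assume that server-side setting.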
Remediation
References