CVE-2022-37397
8.3
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| YugaByte, Inc. | Yugabyte DB | 2.6.1.0 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
- CWE-16: CWE-16 Configuration
Workarounds
Disable LDAP for YCQL.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.