CVE-2014-8763 - Vulnerability Details - OpenCVE

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0105.

Key SSVC decision points have not yet been added.

Vendors	Products
Dokuwiki Subscribe	Dokuwiki Subscribe
Mageia Project Subscribe	Mageia Subscribe

Configuration 1 [-]

cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:mageia_project:mageia:3.0:::::::*
	cpe:2.3:o:mageia_project:mageia:4.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-79-1	dokuwiki security update
Debian DSA	DSA-3059-1	dokuwiki security update
EUVD	EUVD-2014-8594	DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0438.html
http://secunia.com/advisories/61983
http://www.debian.org/security/2014/dsa-3059
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
https://github.com/splitbrain/dokuwiki/pull/868

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-10-22T14:00:00

Updated: 2024-08-06T13:26:02.588Z

Reserved: 2014-10-13T00:00:00

Link: CVE-2014-8763

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-10-22T14:55:08.373

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-8763

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-01T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"}, {"name": "61983", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61983"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3059"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/splitbrain/dokuwiki/pull/868"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "refsource": "MLIST", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"}, {"name": "61983", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61983"}, {"name": "http://advisories.mageia.org/MGASA-2014-0438.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3059"}, {"name": "https://github.com/splitbrain/dokuwiki/pull/868", "refsource": "CONFIRM", "url": "https://github.com/splitbrain/dokuwiki/pull/868"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:26:02.588Z"}, "title": "CVE Program Container", "references": [{"name": "[dokuwiki] 20140918 Fwd: Dokuwiki (maybe) security issue: Null byte poisoning in LDAP authentication", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"}, {"name": "61983", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61983"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"name": "[oss-security] 20141013 CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"name": "[oss-security] 20141016 Re: CVE request: various security flaws in dokuwiki", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"name": "DSA-3059", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3059"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/splitbrain/dokuwiki/pull/868"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8763", "datePublished": "2014-10-22T14:00:00", "dateReserved": "2014-10-13T00:00:00", "dateUpdated": "2024-08-06T13:26:02.588Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA33BE6C-F00C-4A78-9136-EBBF9643B4F2", "versionEndIncluding": "2014-05-05a", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mageia_project:mageia:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBED7B92-A9D9-4B2A-A2A5-BD63C2214721", "vulnerable": true}, {"criteria": "cpe:2.3:o:mageia_project:mageia:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2FA5A-6EC3-490B-A6A5-C498C889E30D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind."}, {"lang": "es", "value": "DokuWiki anterior a 2014-05-05b, cuando utiliza Active Directory para la autenticaci\u00f3n LDAP, permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una contrase\u00f1a que empiece por un caracter nulo (\\0) y un nombre de usuario v\u00e1lido, lo que provoca un bind no autenticado."}], "id": "CVE-2014-8763", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-22T14:55:08.373", "references": [{"source": "secalert@redhat.com", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/61983"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2014/dsa-3059"}, {"source": "secalert@redhat.com", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"source": "secalert@redhat.com", "url": "https://github.com/splitbrain/dokuwiki/pull/868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0438.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61983"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/13/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/10/16/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/splitbrain/dokuwiki/pull/868"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}