CVE-2014-8764
NONE
Published Oct 22, 201411y ago · Modified Jun 17, 20262w ago
Published Oct 22, 2014 11y ago
Last Modified Jun 17, 2026 2w ago
Description
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-287 Improper Authentication Authentication
Affected Products 3
| Vendor | Product | Version | Range |
|---|---|---|---|
| mageia_project | mageia | 3.0 | any |
| mageia_project | mageia | 4.0 | any |
| dokuwiki | dokuwiki | * | ≤2013-12-08 |
References 7
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0438.html
- secunia.com http://secunia.com/advisories/61983
- debian.org http://www.debian.org/security/2014/dsa-3059
- freelists.org http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
- openwall.com http://www.openwall.com/lists/oss-security/2014/10/13/3
- openwall.com http://www.openwall.com/lists/oss-security/2014/10/16/9
- github.com https://github.com/splitbrain/dokuwiki/pull/868
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.