CVE-2014-8088

The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

Published: Oct 22, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8088
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
zend / zend_framework	2.2.4	2.2.4.x
zend / zend_framework	2.3.0	2.3.0.x
zend / zend_framework	2.0.0	2.0.0.x
zend / zend_framework	1.12.0-rc3	1.12.0-rc3.x
zend / zend_framework	1.12.2	1.12.2.x
zend / zend_framework	1.12.5	1.12.5.x
zend / zend_framework	-	1.12.7.x
zend / zend_framework	2.01	2.01.x
zend / zend_framework	2.2.2	2.2.2.x
zend / zend_framework	1.12.3	1.12.3.x
zend / zend_framework	2.2.7	2.2.7.x
zend / zend_framework	1.12.1	1.12.1.x
zend / zend_framework	1.12.0-rc1	1.12.0-rc1.x
zend / zend_framework	2.3.1	2.3.1.x
zend / zend_framework	1.12.0-rc4	1.12.0-rc4.x
zend / zend_framework	2.3.2	2.3.2.x
zend / zend_framework	2.2.3	2.2.3.x
zend / zend_framework	1.12.0-rc2	1.12.0-rc2.x
zend / zend_framework	2.2.6	2.2.6.x
zend / zend_framework	2.2.5	2.2.5.x
zend / zend_framework	1.12.0	1.12.0.x

Vulnerability Database

289,697

CVE-2014-8088