Vulnerability Details : CVE-2017-8028
In Pivotal Spring-LDAP versions 1.3.0 through 2.3.1, when connected to some LDAP servers, no additional attributes are bound, the LDAP BindAuthenticator is used with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and userSearch is set, authentication succeeds with an arbitrary password as long as the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect.
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2017-8028
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:spring-ldap:1.3.1:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8028
- EPSS score: 0.43% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~71% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2017-8028
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.2 | 5.9 | NIST | |
CWE ids for CVE-2017-8028
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-8028
- https://pivotal.io/security/cve-2017-8028 : "CVE-2017-8028: Spring-LDAP authentication with userSearch and STARTTLS allows authentication with arbitrary password | Security | Pivotal" (Issue Tracking; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2017/11/msg00026.html : "[SECURITY] [DLA 1180-1] libspring-ldap-java security update"
- https://www.oracle.com/security-alerts/cpujan2021.html : "Oracle Critical Patch Update Advisory - January 2021"
- https://access.redhat.com/errata/RHSA-2018:0319 : "RHSA-2018:0319 - Security Advisory - Red Hat Customer Portal"
- https://www.debian.org/security/2017/dsa-4046 : "Debian -- Security Information -- DSA-4046-1 libspring-ldap-java" (Issue Tracking; Third Party Advisory)