CVE-2014-8764

Published: 22 October 2014

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.

Priority

Status

Package	Release	Status
dokuwiki Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	trusty	Does not exist (trusty was needed)
	upstream	Released (0.0.20140929.a-1)
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable (0.0.20140929.d-1ubuntu1)
	yakkety	Not vulnerable (0.0.20160626.a-1)
	zesty	Not vulnerable

References

http://www.openwall.com/lists/oss-security/2014/10/16
https://www.cve.org/CVERecord?id=CVE-2014-8764
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.