CVE-2005-2654
phpldapadmin - programming error
EPSS 0.77%
Description
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
How to fix CVE-2005-2654
To remediate CVE-2005-2654, upgrade the affected package to a fixed version below.
- Debian/phpldapadmin—upgrade to 0.9.6c-5 or later
- Debian/phpldapadmin—upgrade to 0.9.5-3sarge2 or later
Is CVE-2005-2654 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.9.6c-5
- from 0, < 0.9.5-3sarge2