CVE-2014-8763
dokuwiki - security update
EPSS 1.1%
Description
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
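The failure mode described above, as an added example that is not DokuWiki's code or its patch: a Python model of a simple bind reached through a C-string API, with a login check that accepts the unauthenticated bind beside one that refuses it. The directory entry, the function names and the result strings are constructed for illustration.

```python
"""Constructed model of the unauthenticated-bind pitfall; not DokuWiki code."""

# Constructed sample directory: user DN -> password.
DIRECTORY = {"cn=alice,dc=example,dc=test": "correct horse"}


def simple_bind(dn: str, password: str) -> str:
    """Model of an LDAP simple bind reached through a C-string API.

    Returns "authenticated", "unauthenticated" or "invalid-credentials".
    """
    # A C string ends at the first NUL, so "\0anything" arrives as "".
    wire_password = password.split("\0", 1)[0]
    if dn and wire_password == "":
        # RFC 4513 section 5.1.2: a name with an empty password is an
        # unauthenticated bind, which a permissive server answers with success.
        return "unauthenticated"
    if DIRECTORY.get(dn) == wire_password:
        return "authenticated"
    return "invalid-credentials"


def login_naive(dn: str, password: str) -> bool:
    """Treats any bind that did not fail as a successful login."""
    return simple_bind(dn, password) != "invalid-credentials"


def login_hardened(dn: str, password: str) -> bool:
    """Refuses input that would reach the server as an empty password."""
    if not dn or not password or "\0" in password:
        return False
    return simple_bind(dn, password) == "authenticated"


if __name__ == "__main__":
    alice = "cn=alice,dc=example,dc=test"
    for pw in ("correct horse", "wrong", "", "\0x"):
        print(repr(pw), login_naive(alice, pw), login_hardened(alice, pw))
```

The same guard applies in any language binding: check for an empty or NUL-containing password before the bind call, and treat only an authenticated result as a login.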
How to fix CVE-2014-8763
To remediate CVE-2014-8763, upgrade the affected package to one of the fixed versions listed below.
- Debian/dokuwiki—upgrade to 0.0.20140929.a-1 or later
- Debian/dokuwiki—upgrade to 0.0.20091225c-10+squeeze3 or later
Is CVE-2014-8763 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.0.20140929.a-1
- from 0, < 0.0.20091225c-10+squeeze3