CVE-2020-26168

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hazelcast:jet:*:*:*:*:enterprise:*:*:*

Information

Published : 2020-11-09 14:15

Updated : 2020-11-18 12:39


NVD link : CVE-2020-26168

Mitre link : CVE-2020-26168


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

hazelcast

  • jet
  • hazelcast