← back
CVE-2019-19747

CVE-2019-19747

EPSS 1.4%
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://neuvector.com/container-security/blog/https://paulrobertson.co.za/cve-2019-19747/