← volver
CVE-2019-19747

CVE-2019-19747

EPSS 1.4%
NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://neuvector.com/container-security/blog/https://paulrobertson.co.za/cve-2019-19747/