CVE-2011-1024
EPSS 0.25%
Description
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
How to fix CVE-2011-1024
To remediate CVE-2011-1024, upgrade the affected package to the fixed version listed below.
- Debian, openldap: upgrade to 2.4.25-1 or later
Is CVE-2011-1024 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian, openldap: all versions from 0 up to, but not including, 2.4.25-1