CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
References
Link Resource
https://www.yugabyte.com/ Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:yugabyte:yugabytedb:2.6.1:*:*:*:*:*:*:*

Information

Published : 2022-08-12 08:15

Updated : 2022-08-16 03:44


NVD link : CVE-2022-37397

Mitre link : CVE-2022-37397

Products Affected
CWE