CVE-2014-8088: Access Restriction Bypass

October 22, 2014 (updated November 3, 2017)

Due to an issue that existed in PHP’s LDAP extension, it is possible to perform an unauthenticated simple bind against a LDAP server by using a null byte for the password, regardless of whether or not the user normally requires a password.

References

github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f
nvd.nist.gov/vuln/detail/CVE-2014-8088

Code Behaviors & Features

Detect and mitigate CVE-2014-8088 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →