CVE-2017-14623: Improper Authentication

September 20, 2017 (updated October 3, 2019)

An attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.

References

nvd.nist.gov/vuln/detail/CVE-2017-14623

Detect and mitigate CVE-2017-14623 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →