CVE-2020-26168

Publication date

2020-11-09 21:28:39

Family

mitre

State

PUBLISHED

Description

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesnt verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.