CVE-2022-0143 - When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This

CVE-2022-0143

Summary

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)

References

https://backstage.forgerock.com/downloads/browse/idm/featured/connectors
https://backstage.forgerock.com/knowledge/kb/article/a11380515

Vulnerable Configurations

cpe:2.3:a:forgerock:ldap_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:forgerock:ldap_connector:*:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-863

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

21-09-2022 - 18:27

Published

19-09-2022 - 22:15

Last modified

21-09-2022 - 18:27