CVE-2011-1024
EPSS 0.25%Published: 3/20/2011Modified: 4/28/2026
Description
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Affected packages (1)
- Debian/openldapfrom 0, < 2.4.25-1