CVE-2024-10127
Nov. 20, 2024, 9:15 a.m.
Tags
Product(s) Impacted
M-Files server
- before 24.11
Description
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
Weaknesses
CWE-303
Incorrect Implementation of Authentication Algorithm
The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.
CWE ID: 303Date
Published: Nov. 20, 2024, 9:15 a.m.
Last Modified: Nov. 20, 2024, 9:15 a.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@m-files.com
References
https://product.m-files.com/
security@m-files.com