Vulnerability Description
Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sitracker | Support Incident Tracker | <= 3.50 |
Related Weaknesses (CWE)
References
- http://bugs.sitracker.org/view.php?id=1047
- http://osvdb.org/61945
- http://secunia.com/advisories/38329Vendor Advisory
- http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292
- http://sitracker.org/wiki/ReleaseNotes351Patch
- http://www.securityfocus.com/bid/37949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55871
- http://bugs.sitracker.org/view.php?id=1047
- http://osvdb.org/61945
- http://secunia.com/advisories/38329Vendor Advisory
- http://sitracker.org/forum/viewtopic.php?f=4&t=1416979&p=2292
- http://sitracker.org/wiki/ReleaseNotes351Patch
- http://www.securityfocus.com/bid/37949
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55871
FAQ
What is CVE-2010-1596?
CVE-2010-1596 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Support Incident Tracker before 3.51, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
How severe is CVE-2010-1596?
CVE-2010-1596 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1596?
Check the references section above for vendor advisories and patch information. Affected products include: Sitracker Support Incident Tracker.