CVE-2020-26168 - OpenCVE

The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hazelcast	Hazelcast Jet

Configuration 1 [-]

OR	cpe:2.3:a:hazelcast:hazelcast:::::enterprise:::*
	cpe:2.3:a:hazelcast:jet:::::enterprise:::*

References

Link	Resource
https://docs.hazelcast.org/docs/ern/index.html#4-0-3	Release Notes Vendor Advisory
https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass	Vendor Advisory
https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass	Vendor Advisory
https://jet-start.sh/blog/2020/10/23/jet-43-is-released	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-09T21:28:39

Updated: 2020-11-09T21:28:39

Reserved: 2020-09-30T00:00:00

Link: CVE-2020-26168

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-09T22:15:13.257

Modified: 2020-11-18T20:39:49.663

Link: CVE-2020-26168

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-09T21:28:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.hazelcast.org/docs/ern/index.html#4-0-3"}, {"tags": ["x_refsource_MISC"], "url": "https://jet-start.sh/blog/2020/10/23/jet-43-is-released"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26168", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.hazelcast.org/docs/ern/index.html#4-0-3", "refsource": "MISC", "url": "https://docs.hazelcast.org/docs/ern/index.html#4-0-3"}, {"name": "https://jet-start.sh/blog/2020/10/23/jet-43-is-released", "refsource": "MISC", "url": "https://jet-start.sh/blog/2020/10/23/jet-43-is-released"}, {"name": "https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass", "refsource": "CONFIRM", "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass"}, {"name": "https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass", "refsource": "CONFIRM", "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26168", "datePublished": "2020-11-09T21:28:39", "dateReserved": "2020-09-30T00:00:00", "dateUpdated": "2020-11-09T21:28:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hazelcast:hazelcast:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "06DB8128-3063-4CB2-BB6F-6AFEA507E551", "versionEndExcluding": "4.0.3", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hazelcast:jet:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "F829E074-7D1E-4A91-9741-B776F6404202", "versionEndIncluding": "4.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords."}, {"lang": "es", "value": "El m\u00e9todo de autenticaci\u00f3n LDAP en LdapLoginModule en Hazelcast IMDG Enterprise versiones 4.x anteriores a 4.0.3, y Jet Enterprise versiones 4.x anteriores a 4.2, no comprueba apropiadamente la contrase\u00f1a en algunos escenarios de system-user-dn. Como resultado, los usuarios (clients/members) pueden ser autenticados incluso si proporcionan contrase\u00f1as no v\u00e1lidas"}], "id": "CVE-2020-26168", "lastModified": "2020-11-18T20:39:49.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-09T22:15:13.257", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.hazelcast.org/docs/ern/index.html#4-0-3"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360050161951--IMDG-Enterprise-4-0-4-0-1-4-0-2-LDAP-Authentication-Bypass"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://hazelcast.zendesk.com/hc/en-us/articles/360051384932--JET-Enterprise-4-0-4-1-4-1-1-4-2-LDAP-Authentication-Bypass"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jet-start.sh/blog/2020/10/23/jet-43-is-released"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}