CVE-2020-26542 SimpleLDAP authentication Percona Server, Percona Server MongoDB

By

CVE-2020-26542

When using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory,

Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.

Applicability

Percona Server MySQL

Percona Server Mysql 8.x. < 8.0.21

Percona XtraDB Cluster

percona XtraDB Cluster 8.x. < 8.0.20.11-3

Percona Server MongoDB

Percona Server MongoDB Only the exact minor versions listed here are affected: 3.6.19-7.0, 4.0.18-11, 4.0.19-12, 4.0.20-13, 4.2.5-5, 4.2.6-6, 4.2.7-7, 4.2.8-8, 4.2.9-9, 4.4.0-1, 4.4.1-2

More information

https://jira.percona.com/browse/PSMDB-726

https://jira.percona.com/browse/PS-7358

Release Notes

https://ift.tt/2HyOSth

Percona Distribution for MySQL (PXC Variant) 8.0.20, Fixes For Security Vulnerability: Release Roundup October 13, 2020

 


by David Busby via Percona Database Performance Blog

Comments

Post a Comment