CVE-2014-8088: Improper Authentication

October 22, 2014 (updated November 3, 2017)

The (1) Zend_Ldap class in Zend and (2) Zend dap component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.

References

framework.zend.com/security/advisory/ZF2014-05

Code Behaviors & Features

Detect and mitigate CVE-2014-8088 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →