CVE-2019-12405: Improper Authentication

September 9, 2019 (updated September 26, 2019)

Improper authentication is possible in Apache Traffic Control versions if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user’s correct password.

References

nvd.nist.gov/vuln/detail/CVE-2019-12405

Code Behaviors & Features

Detect and mitigate CVE-2019-12405 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →