CVE-2018-18389: Improper Authentication

October 17, 2018 (updated September 13, 2021)

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.

References

github.com/advisories/GHSA-h5f5-rj4r-42f6
github.com/neo4j/neo4j/issues/12047
nvd.nist.gov/vuln/detail/CVE-2018-18389

Code Behaviors & Features

Detect and mitigate CVE-2018-18389 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →