Descriptionsquid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2005:006, published Thursday, Feb 10th 2005 13:30 MET
- SUSE-SR:2005:003, published Wednesday, Feb 4th 2005 15:00 MEST
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:57:19 2013
CVE page last modified: Fri Oct 7 12:45:30 2022