Search criteria
4 vulnerabilities found for ldap_connector by forgerock
CVE-2023-1656 (GCVE-0-2023-1656)
Vulnerability from nvd – Published: 2023-03-29 19:55 – Updated: 2025-04-14 17:04
VLAI?
Title
When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
Summary
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ForgeRock Inc. | OpenIDM and Java Remote Connector Server (RCS) |
Affected:
1.5.20.9 , ≤ 1.5.20.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:03:32.619480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:03:41.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "LDAP Connector",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "OpenIDM and Java Remote Connector Server (RCS)",
"vendor": "ForgeRock Inc.",
"versions": [
{
"lessThanOrEqual": "1.5.20.13",
"status": "affected",
"version": "1.5.20.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.\u003cp\u003eThis issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:02.162Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"source": {
"advisory": "202303",
"discovery": "EXTERNAL"
},
"title": "When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-1656",
"datePublished": "2023-03-29T19:55:13.974Z",
"dateReserved": "2023-03-27T14:07:18.820Z",
"dateUpdated": "2025-04-14T17:04:02.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0143 (GCVE-0-2022-0143)
Vulnerability from nvd – Published: 2022-09-19 21:15 – Updated: 2025-05-29 15:29
VLAI?
Title
LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password
Summary
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)
Severity ?
9.3 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ForgeRock | LDAP Connector |
Affected:
unspecified , < 1.5.20.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T15:29:06.514230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:29:12.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LDAP Connector",
"vendor": "ForgeRock",
"versions": [
{
"lessThan": "1.5.20.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:03:47.555Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to LDAP connector 1.5.20.9 or later or disable the optional StartTLS feature in the LDAP connector."
}
],
"source": {
"advisory": "202206",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENICF-2103",
"(not",
"public)"
],
"discovery": "INTERNAL"
},
"title": "LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forgerock.com",
"DATE_PUBLIC": "2022-09-19T17:38:00.000Z",
"ID": "CVE-2022-0143",
"STATE": "PUBLIC",
"TITLE": "LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LDAP Connector",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.5.20.9"
}
]
}
}
]
},
"vendor_name": "ForgeRock"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://backstage.forgerock.com/knowledge/kb/article/a11380515",
"refsource": "MISC",
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"name": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors",
"refsource": "MISC",
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to LDAP connector 1.5.20.9 or later or disable the optional StartTLS feature in the LDAP connector."
}
],
"source": {
"advisory": "202206",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENICF-2103",
"(not",
"public)"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2022-0143",
"datePublished": "2022-09-19T21:15:51.349Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2025-05-29T15:29:12.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1656 (GCVE-0-2023-1656)
Vulnerability from cvelistv5 – Published: 2023-03-29 19:55 – Updated: 2025-04-14 17:04
VLAI?
Title
When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
Summary
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ForgeRock Inc. | OpenIDM and Java Remote Connector Server (RCS) |
Affected:
1.5.20.9 , ≤ 1.5.20.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:24.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T15:03:32.619480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T15:03:41.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "LDAP Connector",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "OpenIDM and Java Remote Connector Server (RCS)",
"vendor": "ForgeRock Inc.",
"versions": [
{
"lessThanOrEqual": "1.5.20.13",
"status": "affected",
"version": "1.5.20.9",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.\u003cp\u003eThis issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.\u003c/p\u003e"
}
],
"value": "Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555 Remote Services with Stolen Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:02.162Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a14149722"
},
{
"tags": [
"product"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"value": "Upgrade to LDAP connector version 1.5.20.14 or later"
}
],
"source": {
"advisory": "202303",
"discovery": "EXTERNAL"
},
"title": "When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-1656",
"datePublished": "2023-03-29T19:55:13.974Z",
"dateReserved": "2023-03-27T14:07:18.820Z",
"dateUpdated": "2025-04-14T17:04:02.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0143 (GCVE-0-2022-0143)
Vulnerability from cvelistv5 – Published: 2022-09-19 21:15 – Updated: 2025-05-29 15:29
VLAI?
Title
LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password
Summary
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)
Severity ?
9.3 (Critical)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ForgeRock | LDAP Connector |
Affected:
unspecified , < 1.5.20.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-0143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T15:29:06.514230Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:29:12.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LDAP Connector",
"vendor": "ForgeRock",
"versions": [
{
"lessThan": "1.5.20.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:03:47.555Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to LDAP connector 1.5.20.9 or later or disable the optional StartTLS feature in the LDAP connector."
}
],
"source": {
"advisory": "202206",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENICF-2103",
"(not",
"public)"
],
"discovery": "INTERNAL"
},
"title": "LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forgerock.com",
"DATE_PUBLIC": "2022-09-19T17:38:00.000Z",
"ID": "CVE-2022-0143",
"STATE": "PUBLIC",
"TITLE": "LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LDAP Connector",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.5.20.9"
}
]
}
}
]
},
"vendor_name": "ForgeRock"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://backstage.forgerock.com/knowledge/kb/article/a11380515",
"refsource": "MISC",
"url": "https://backstage.forgerock.com/knowledge/kb/article/a11380515"
},
{
"name": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors",
"refsource": "MISC",
"url": "https://backstage.forgerock.com/downloads/browse/idm/featured/connectors"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to LDAP connector 1.5.20.9 or later or disable the optional StartTLS feature in the LDAP connector."
}
],
"source": {
"advisory": "202206",
"defect": [
"https://bugster.forgerock.org/jira/browse/OPENICF-2103",
"(not",
"public)"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2022-0143",
"datePublished": "2022-09-19T21:15:51.349Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2025-05-29T15:29:12.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}