GHSA-2R4P-JPMG-48F4

Vulnerability from github – Published: 2026-05-08 19:38 – Updated: 2026-05-08 19:38
Summary
Open WebUI has an LDAP Empty Password Authentication Bypass
Details

LDAP Empty Password Authentication Bypass

Affected Component

LDAP authentication endpoint:

  • backend/open_webui/routers/auths.py (lines 468-477, user bind with empty password)
  • backend/open_webui/models/auths.py (lines 58-60, LdapForm model)

Affected Versions

Current main branch (commit 6fdd19bf1) and likely all versions with LDAP authentication support.

Description

The LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. Per RFC 4513 Section 5.1.2, a Simple Bind with a valid DN and an empty password constitutes an "unauthenticated simple authentication" — many LDAP servers (including OpenLDAP in default configuration and some Active Directory setups) return success (resultCode 0) for this operation.

The LdapForm Pydantic model accepts password: str with no minimum length constraint, so an empty string passes validation. The subsequent Connection.bind() call succeeds on vulnerable LDAP servers, and the application issues a full session token for the target user.

# Excerpt of the affected code paths (not a runnable unit on its own). Imports
# added for readability: ldap3's Connection performs the Simple Bind, the
# Pydantic model validates the request body.
import asyncio
from fastapi import HTTPException
from ldap3 import Connection
from pydantic import BaseModel

# models/auths.py:58-60 — no min_length on password
class LdapForm(BaseModel):
    user: str
    password: str

# auths.py:469-477 — empty password reaches LDAP bind
connection_user = Connection(
    server,                # ldap3 Server for the configured LDAP host
    user_dn,               # DN returned by the earlier search for form_data.user
    form_data.password,    # can be ""; nothing checks for a non-empty value first
    auto_bind='NONE',
    authentication='SIMPLE',
)
if not await asyncio.to_thread(connection_user.bind):
    raise HTTPException(400, 'Authentication failed.')

# If bind succeeds (which it does with empty password on many servers),
# execution continues and a full session token is issued
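To make the bug and its fix concrete, here is an added simulation (not Open WebUI's code) that models the bind flow: a constructed in-memory LDAP responder with the RFC 4513 Section 5.1.2 semantics the advisory describes, the vulnerable login path beside a hardened one that refuses to bind with a blank password, and a small helper for spotting unauthenticated bind attempts in the bind log. FakeLdapServer, hardened_login, unauthenticated_bind_attempts and the sample DN and password are assumptions of this example.

```python
from dataclasses import dataclass, field

# Constructed directory for the simulation (not the project's data): DN -> password.
ADMIN_DN = "uid=admin,ou=people,dc=example,dc=org"
DIRECTORY = {ADMIN_DN: "correct horse battery staple"}


@dataclass
class FakeLdapServer:
    """Minimal Simple Bind responder. With allow_unauthenticated=True it behaves
    like the servers the advisory describes: a non-empty DN plus an empty
    password is an RFC 4513 5.1.2 unauthenticated bind and returns success."""
    allow_unauthenticated: bool = True
    bind_log: list = field(default_factory=list)  # (dn, outcome), for review

    def simple_bind(self, dn: str, password: str) -> bool:
        if dn and password == "":
            self.bind_log.append((dn, "unauthenticated"))
            return self.allow_unauthenticated
        ok = DIRECTORY.get(dn) == password
        self.bind_log.append((dn, "ok" if ok else "fail"))
        return ok


def vulnerable_login(server: FakeLdapServer, user_dn: str, password: str) -> bool:
    """Mirrors the reported flow: the submitted password goes straight to the
    user bind, and any successful bind is treated as proof of identity."""
    return server.simple_bind(user_dn, password)


def hardened_login(server: FakeLdapServer, user_dn: str, password: str) -> bool:
    """Refuse to bind at all unless a non-blank password was submitted, so an
    unauthenticated bind can never be mistaken for a password check. This is
    the application-side fix; rejecting unauthenticated binds on the LDAP
    server itself is the matching defence in depth."""
    if not isinstance(password, str) or not password.strip():
        return False
    return server.simple_bind(user_dn, password)


def unauthenticated_bind_attempts(server: FakeLdapServer) -> list:
    """Detection aid: DNs for which an unauthenticated bind was attempted."""
    return [dn for dn, outcome in server.bind_log if outcome == "unauthenticated"]
```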

CVSS 3.1 Breakdown

| Metric | Value | Rationale |
|--------|-------|-----------|
| Attack Vector | Network (N) | Exploited remotely via the LDAP login endpoint |
| Attack Complexity | Low (L) | Single request with an empty password field |
| Privileges Required | None (N) | No prior authentication needed |
| User Interaction | None (N) | No victim interaction required |
| Scope | Unchanged (U) | Impact within the application's authentication boundary |
| Confidentiality | High (H) | Full access to victim's account data — chats, files, API keys, settings |
| Integrity | High (H) | Can modify victim's data, settings, send messages as victim |
| Availability | None (N) | No direct denial of service |

Attack Scenario

  1. LDAP authentication is enabled on the Open WebUI instance.
  2. The underlying LDAP server accepts unauthenticated simple binds (OpenLDAP default, some AD configs).
  3. Attacker sends: POST /api/v1/auths/ldap {"user": "admin_username", "password": ""}
  4. The app DN bind succeeds normally (line 366), finds the target user via LDAP search.
  5. The user bind (line 469-477) sends a Simple Bind with the target's DN and an empty password.
  6. The LDAP server returns success for the unauthenticated bind.
  7. authenticate_user_by_email (line 507) issues a full session token for the target user.
  8. Attacker has complete access to the victim's account.

Impact

  • Complete authentication bypass — any LDAP user account can be taken over without knowing the password
  • Includes admin accounts if they authenticate via LDAP
  • No rate limiting on the LDAP endpoint (unlike the password signin endpoint)
  • Zero interaction required from the victim

Preconditions

  • LDAP must be enabled (ENABLE_LDAP=True, disabled by default)
  • The LDAP server must accept unauthenticated simple binds with empty passwords (OpenLDAP default behavior, configurable on AD)
  • Attacker must know a valid LDAP username

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.8.12"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T19:38:31Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "id": "GHSA-2r4p-jpmg-48f4",
  "modified": "2026-05-08T19:38:31Z",
  "published": "2026-05-08T19:38:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/open-webui/open-webui/security/advisories/GHSA-2r4p-jpmg-48f4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open WebUI has an LDAP Empty Password Authentication Bypass"
}

