BugZilla LDAP Authentication Bypass...

Published: 2001-12-09
Revised: 2025-04-13

Bugzilla is the bug tracking software package by the Mozilla project. It can be configured to run on Microsoft Windows and various Unix/Linux platforms. A problem in Bugzilla's implementation of LDAP makes it possible for an attacker to log in as any user. The attacker simply leaves the password field blank, and the authentication challenge succeeds when it should normally fail. This occurs even when the account the attacker is attempting to log in under has a valid password. This is only an issue if Bugzilla is configured to use LDAP authentication.
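The blank-password failure described above, as an added example that is not Bugzilla's code: a login check that trusts a successful bind, beside a hardened one that rejects empty credentials first. It assumes (the entry does not state the cause) a directory that answers a simple bind with a DN and an empty password as a successful unauthenticated bind, which RFC 4513 section 5.1.2 permits; `FakeDirectory`, the DN and the password are constructed.

```python
# Added illustration, not Bugzilla code. FakeDirectory is a constructed stand-in
# for an LDAP server; every name and credential below is hypothetical.

class FakeDirectory:
    """Simulates a server that treats a simple bind with a DN and an empty
    password as an unauthenticated bind and reports success (assumption,
    permitted by RFC 4513 section 5.1.2)."""

    def __init__(self, entries):
        self._entries = entries  # maps DN -> password

    def simple_bind(self, dn, password):
        if password == "":
            return True  # unauthenticated bind: succeeds but proves nothing
        return self._entries.get(dn) == password


def login_vulnerable(directory, dn, password):
    # Flawed pattern: a successful bind is taken as proof of identity.
    return directory.simple_bind(dn, password)


def login_hardened(directory, dn, password):
    # Refuse empty or missing credentials before contacting the directory,
    # so an unauthenticated bind can never be mistaken for a login.
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


def audit(login, directory, dn, real_password):
    """Regression check for a login function: outcome per credential case."""
    return {
        "correct_password": login(directory, dn, real_password),
        "wrong_password": login(directory, dn, real_password + "x"),
        "blank_password": login(directory, dn, ""),
    }


ALICE = "uid=alice,ou=people,dc=example,dc=org"  # constructed DN
DIRECTORY = FakeDirectory({ALICE: "s3cret"})      # constructed credential

if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, audit(fn, DIRECTORY, ALICE, "s3cret"))
```

The `blank_password` case is the one worth keeping as a permanent regression test for any application that authenticates by LDAP bind.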

0%
No exploit or PoC currently available
Currently 0 affected product entries