{"id":"CVE-2010-2940","details":"The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.","modified":"2026-04-10T03:41:21.403121Z","published":"2010-08-30T20:00:02Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/41159"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=625189"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/61399"}],"schema_version":"1.7.5"}