GLSA-200709-10 : PhpWiki: Authentication bypass

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200709-10
(PhpWiki: Authentication bypass)

The PhpWiki development team reported an authentication error within
the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
empty password.
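The failure mode described above, as an added example (not PhpWiki's code, and written in Python with an in-memory stub so it runs without an LDAP server). It assumes a directory that accepts the unauthenticated simple bind of RFC 4513 section 5.1.2 (non-empty DN, zero-length password); StubDirectory, login_vulnerable, login_hardened and the sample account are hypothetical names constructed for the illustration.

```python
# Added illustration: models an LDAP "simple bind" in memory.
# No network access or LDAP library is used; all names are hypothetical.

class StubDirectory:
    """Constructed stand-in for an LDAP server. By default it accepts
    unauthenticated simple binds (non-empty DN, zero-length password)."""

    def __init__(self, entries, allow_unauthenticated_bind=True):
        self._entries = entries  # DN -> password (constructed sample data)
        self._allow_unauth = allow_unauthenticated_bind

    def simple_bind(self, dn, password):
        """Return True when the bind operation reports success."""
        if password == "":
            # The bind "succeeds", but the session is anonymous:
            # no credential for `dn` was ever verified.
            return self._allow_unauth
        return self._entries.get(dn) == password


def login_vulnerable(directory, dn, password):
    """Flawed pattern: any successful bind is taken as proof of identity."""
    return directory.simple_bind(dn, password)


def login_hardened(directory, dn, password):
    """Reject an empty DN or password before a bind request is sent."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password)


# Constructed sample account.
ALICE = "uid=alice,ou=people,dc=example,dc=org"
DIRECTORY = StubDirectory({ALICE: "correct horse"})


def demo():
    """Map each test password to (vulnerable result, hardened result)."""
    return {
        pw: (login_vulnerable(DIRECTORY, ALICE, pw),
             login_hardened(DIRECTORY, ALICE, pw))
        for pw in ("correct horse", "wrong", "")
    }


if __name__ == "__main__":
    for pw, (vuln, hard) in demo().items():
        print(f"password={pw!r:16} vulnerable={vuln} hardened={hard}")
```

The same application-side check is worth keeping even when the directory is configured to refuse unauthenticated binds, since the application cannot rely on every server it is pointed at behaving that way.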

Impact :

A remote attacker could provide an empty password when authenticating.
Depending on the LDAP implementation used, this could bypass the
PhpWiki authentication mechanism and grant the attacker access to the

Workaround :

There is no known workaround at this time.

Solution :

All PhpWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phpwiki-1.3.14'

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Gentoo Local Security Checks

Nessus Plugin ID: 26100 (gentoo_GLSA-200709-10.nasl)

CVE ID: CVE-2007-3193