Packetfence » Packetfence : Security Vulnerabilities, CVEs, CVSS score >= 8
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-02-01
Updated
2018-02-21
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
Max CVSS
9.8
EPSS Score
0.37%
Published
2018-02-01
Updated
2018-02-21
2 vulnerabilities found