Unrated severity · NVD Advisory · Published Mar 20, 2011 · Updated Jun 16, 2026
CVE-2011-1024
Description
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Affected products
- cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
- (no CPE) range: <=2.4.23
References
- www.openldap.org/devel/cvsweb.cgi/servers/slapd/back-ldap/chain.c.diff (nvd; Patch)
- www.openldap.org/lists/openldap-announce/201102/msg00000.html (nvd; Patch)
- secunia.com/advisories/43331 (nvd; Vendor Advisory)
- www.vupen.com/english/advisories/2011/0665 (nvd; Vendor Advisory)
- kb.juniper.net/InfoCenter/index (nvd)
- kb.juniper.net/InfoCenter/index (nvd)
- openwall.com/lists/oss-security/2011/02/24/12 (nvd)
- openwall.com/lists/oss-security/2011/02/25/13 (nvd)
- secunia.com/advisories/43708 (nvd)
- secunia.com/advisories/43718 (nvd)
- security.gentoo.org/glsa/glsa-201406-36.xml (nvd)
- securitytracker.com/id (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openldap.org/its/index.cgi/Software%20Bugs (nvd)
- www.openldap.org/lists/openldap-technical/201004/msg00247.html (nvd)
- www.redhat.com/support/errata/RHSA-2011-0346.html (nvd)
- www.redhat.com/support/errata/RHSA-2011-0347.html (nvd)
- www.ubuntu.com/usn/USN-1100-1 (nvd)
- bugzilla.novell.com/show_bug.cgi (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)