CVE-2019-19747

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any valid LDAP user by providing a valid username and an empty password (provided that the active directory server has not been configured to reject empty passwords).

NeuVector versión 3.1, cuando está configurado para permitir la autenticación por medio de Active Directory, no aplica contraseñas no vacías, permitiendo a un atacante con acceso al portal de Neuvector autenticarse como cualquier usuario LDAP válido al proporcionar un nombre de usuario válido y una contraseña vacía (siempre que el servidor de active directory no haya sido configurado para rechazar contraseñas vacías).