Improper authentication is possible in Apache Traffic Control versions if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user’s correct password.
CPE | Name | Operator | Version |
---|---|---|---|
go/github.com/apache/trafficcontrol | ge | 3.0.0 | |
go/github.com/apache/trafficcontrol | le | 3.0.1 |