Red Hat Bugzilla – Bug 1109628
CVE-2014-3999 php-horde-Horde-Ldap: connect to LDAP without knowing the password
Last modified: 2015-07-31 03:21:57 EDT
Matthew Daley reported an issue in Horde LDAP where, if a user knew the LDAP bind user's DN, they could login without supplying a password. This has been fixed in version 2.0.6:
It has been fixed in Fedora via bug 1104961, and EPEL 6 via bug 1104962.
Full details available in http://seclists.org/oss-sec/2014/q2/504