CVE-2022-37397 Information

Description

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled it allows bypass of authentication with an empty password.

Reference

https://www.yugabyte.com/