CVE-2022-48538 Information

Description

In Cacti 1.2.19 there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

Reference

https://github.com/Cacti/cacti/issues/5189 https://docs.cacti.net/Settings-Auth-LDAP.md