Improper Exception Handling in LDAP Auth Backend Disables Server Certificate Checking

Improper Exception Handling in LDAP Auth Backend Disables Server Certificate Checking

CVE-2018-20245 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

Learn more about our Cis Benchmark Audit For Apache Http Server.