A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS.
Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 09 Jul 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Cloudfoundry
Cloudfoundry cf-deployment Cloudfoundry uaa |
|
| Vendors & Products |
Cloudfoundry
Cloudfoundry cf-deployment Cloudfoundry uaa |
Thu, 09 Jul 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselves admin scopes. This affects every deployment that authenticates users against LDAP over StartTLS. Affected versions: UAA versions prior to v78.13.0; Cf-deployment versions prior to v56.2.0. | |
| Title | LDAP StartTLS unconditionally disables hostname verification | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-09T06:26:02.169Z
Reserved: 2026-05-20T10:00:51.003Z
Link: CVE-2026-47840
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T08:30:03Z
Weaknesses
No weakness.