CVE-2020-26542: SimpleLDAP Authentication in Percona Server for MySQL, Percona Server for MongoDB


When using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.


Percona Server for MySQL

Percona Server for Mysql 8.x. < 8.0.21

Percona XtraDB Cluster

Percona XtraDB Cluster 8.x. <

Percona Server for MongoDB

Only the exact minor versions listed here are affected: 3.6.19-7.0, 4.0.18-11, 4.0.19-12, 4.0.20-13, 4.2.5-5, 4.2.6-6, 4.2.7-7, 4.2.8-8, 4.2.9-9, 4.4.0-1, 4.4.1-2

More Information

Release Notes

Percona Distribution for MySQL (PXC Variant) 8.0.20, Fixes For Security Vulnerability: Release Roundup October 13, 2020


Share this post

Leave a Reply