Novell eDirectory NMAS Authentication Bypass Vulnerability

info
discussion
exploit
solution
references

Novell eDirectory NMAS Authentication Bypass Vulnerability

Novell eDirectory is prone to an issue that could result in unauthorized access to a user's account.

An unauthorized attacker can change a user's password because the application fails to verify responses to challenge questions.

eDirectory NMAS versions prior to 2.3.8 are affected.