memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials.
2014-01-13T21:55:05.230
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.8 (MEDIUM)
AV:A/AC:L/Au:N/C:P/I:P/A:N
6.5
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | memcached | memcached | ≤ 1.4.16 | Yes |
| Application | memcached | memcached | 1.4.0 | Yes |
| Application | memcached | memcached | 1.4.1 | Yes |
| Application | memcached | memcached | 1.4.2 | Yes |
| Application | memcached | memcached | 1.4.3 | Yes |
| Application | memcached | memcached | 1.4.4 | Yes |
| Application | memcached | memcached | 1.4.5 | Yes |
| Application | memcached | memcached | 1.4.6 | Yes |
| Application | memcached | memcached | 1.4.7 | Yes |
| Application | memcached | memcached | 1.4.8 | Yes |
| Application | memcached | memcached | 1.4.9 | Yes |
| Application | memcached | memcached | 1.4.10 | Yes |
| Application | memcached | memcached | 1.4.11 | Yes |
| Application | memcached | memcached | 1.4.12 | Yes |
| Application | memcached | memcached | 1.4.13 | Yes |
| Application | memcached | memcached | 1.4.14 | Yes |
| Application | memcached | memcached | 1.4.15 | Yes |