Hi,

In addition, I have just found that Dokuwiki is also vulnerable to
null-byte-forced anonymous binds (as opposed to just unauthenticated
binds):

With a Dokuwiki instance using Active Directory for LDAP
authentication (as described earlier), one can log in using a username
that has a null byte as the first character and with a password that
similarly has a null byte as the first character. This will result in
an anonymous bind being performed by Dokuwiki, and hence the log in
will always succeed, regardless of the whether the username exists or
not in the LDAP directory.

- Matthew

(Note that this only occurs when using the authad plugin; the authldap
plugin appears to correctly escape the null byte in the username in
this form of attack.)