The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-03-12T22:00:00
Updated: 2024-08-06T21:14:15.932Z
Reserved: 2012-10-24T00:00:00
Link: CVE-2012-5629
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-03-12T23:55:01.380
Modified: 2024-11-21T01:45:00.287
Link: CVE-2012-5629
Redhat