The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dell
Published: 2017-05-25T17:00:00
Updated: 2024-08-06T09:05:38.302Z
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0097
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-05-25T17:29:00.160
Modified: 2024-11-21T02:01:21.320
Link: CVE-2014-0097
Redhat