Description
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://seclists.org/fulldisclosure/2014/Mar/22
https://issues.apache.org/jira/browse/SHIRO-460