Description
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://seclists.org/fulldisclosure/2014/Mar/22
https://issues.apache.org/jira/browse/SHIRO-460
Related Vulnerabilities
CVE-2023-34238 Vulnerability in npm package gatsby-cli
CVE-2020-10199 Vulnerability in maven package org.sonatype.nexus:nexus-extdirect
CVE-2023-35147 Vulnerability in maven package org.jenkins-ci.plugins:aws-codecommit-trigger
CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro