Description

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2012-5629

Related Vulnerabilities

WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)

WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)

MediaWiki Improper Authentication Vulnerability (CVE-2018-0505)

IBM RTC Other Vulnerability (CVE-2015-0112)

Internet Information Services Other Vulnerability (CVE-2002-0074)

Severity

High

Classification

CVE-2012-5629 CWE-264

Tags

Missing Update Known Vulnerabilities