Description

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2012-5629

Related Vulnerabilities

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-36400)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18084)

PHP Numeric Errors Vulnerability (CVE-2011-4566)

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679)

WordPress 4.5.x Prototype Pollution (4.5 - 4.5.25)

Severity

High

Classification

CVE-2012-5629 CWE-264

Tags

Missing Update Known Vulnerabilities