CVE-2012-5629 Information

Feb 14, 2021 cve

Description

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10 5.2.0 and 6.0.1 and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

Reference

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569 http://rhn.redhat.com/errata/RHSA-2013-0229.html http://rhn.redhat.com/errata/RHSA-2013-0230.html http://rhn.redhat.com/errata/RHSA-2013-0231.html http://rhn.redhat.com/errata/RHSA-2013-0232.html http://rhn.redhat.com/errata/RHSA-2013-0233.html http://rhn.redhat.com/errata/RHSA-2013-0234.html http://rhn.redhat.com/errata/RHSA-2013-0248.html http://rhn.redhat.com/errata/RHSA-2013-0533.html http://rhn.redhat.com/errata/RHSA-2013-0586.html

Share on: