The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allows remote attackers to bypass authentication via an empty password.
References
Link | Resource |
---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569 | |
http://rhn.redhat.com/errata/RHSA-2013-0229.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0230.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0231.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0232.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0233.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0234.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0248.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0533.html | |
http://rhn.redhat.com/errata/RHSA-2013-0586.html | |
History
13 Feb 2023, 00:26
Type | Values Removed | Values Added |
---|---|---|
References | | |
Summary | The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. |
02 Feb 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP | |
References | | |
Information
Published : 2013-03-12 23:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-5629
Mitre link : CVE-2012-5629
CVE.ORG link : CVE-2012-5629
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_enterprise_web_platform
CWE
CWE-264
Permissions, Privileges, and Access Controls