← back
CVE-2012-5629

CVE-2012-5629

EPSS 2.3%
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569http://rhn.redhat.com/errata/RHSA-2013-0229.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0230.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0231.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0232.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0233.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0234.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0248.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0533.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0586.html