SQLLoginModule in Apache Geronimo 2.0 up to and including 2.1 does not throw an exception for a nonexistent username, which allows remote malicious users to bypass authentication via a login attempt with any username not contained in the database.
Vulnerable Product |
---|
apache geronimo 2.0 |
apache geronimo 2.0.1 |
apache geronimo 2.0.2 |
apache geronimo 2.1 |
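
The fail-open shape that produces this class of flaw, next to a fail-closed check, as an added illustration. This is not Geronimo's SQLLoginModule source: the class, the method names and the in-memory user table standing in for the database lookup are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;

public class LoginCheckDemo {
    // Constructed sample data standing in for rows of a user table
    // (a real store would hold password hashes, not plaintext).
    static final Map<String, String> USERS = new HashMap<>(Map.of("alice", "s3cret-sample"));

    // Fail-open shape: only an existing row with a wrong password is rejected.
    static boolean loginFailOpen(String user, String password) throws FailedLoginException {
        String stored = USERS.get(user);            // null when the user has no row
        if (stored != null && !stored.equals(password)) {
            throw new FailedLoginException("bad password");
        }
        return true;                                // also reached when no row matched
    }

    // Fail-closed shape: success requires a row AND a matching credential.
    static boolean loginFailClosed(String user, String password) throws FailedLoginException {
        String stored = USERS.get(user);
        if (stored == null || password == null || !MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8),
                password.getBytes(StandardCharsets.UTF_8))) {
            throw new FailedLoginException("login failed"); // same error for both causes
        }
        return true;
    }

    // Runs one attempt through the chosen check and reports the outcome.
    static String outcome(boolean failOpen, String user, String password) {
        try {
            boolean ok = failOpen ? loginFailOpen(user, password) : loginFailClosed(user, password);
            return ok ? "accepted" : "rejected";
        } catch (FailedLoginException e) {
            return "rejected";
        }
    }

    public static void main(String[] args) {
        String[][] attempts = {{"alice", "s3cret-sample"}, {"alice", "wrong"}, {"no-such-user", "x"}};
        for (String[] a : attempts) {
            System.out.printf("%-13s fail-open=%s fail-closed=%s%n",
                    a[0], outcome(true, a[0], a[1]), outcome(false, a[0], a[1]));
        }
    }
}
```

A regression test for a login module should always include the third case: an account name with no row in the store must end in `FailedLoginException`, never in a successful return.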