The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allows remote malicious users to bypass authentication via an empty password.
Vulnerable Product |
---|
redhat jboss enterprise web platform 5.2.0 |
redhat jboss enterprise application platform 6.0.1 |
redhat jboss enterprise application platform 4.3.0 |
redhat jboss enterprise application platform 5.2.0 |