Description
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
Remediation
References
Related Vulnerabilities
WordPress Plugin ReFlex Gallery Cross-Site Scripting (3.1.4)
WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)
MediaWiki Improper Authentication Vulnerability (CVE-2018-0505)
IBM RTC Other Vulnerability (CVE-2015-0112)
Internet Information Services Other Vulnerability (CVE-2002-0074)