CVE-2014-0074 Vulnerability in maven package org.apache.shiro:shiro-core

Description

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-1351.html

https://issues.apache.org/jira/browse/SHIRO-460

http://seclists.org/fulldisclosure/2014/Mar/22

Related Vulnerabilities

CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql-deployment

CVE-2023-33544 Vulnerability in maven package io.hawt:hawtio-system

CVE-2022-40955 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2022-1233 Vulnerability in npm package urijs

CVE-2021-21165 Vulnerability in npm package electron

Severity

Critical

Classification

CWE-287