Description
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://seclists.org/fulldisclosure/2014/Mar/22
https://issues.apache.org/jira/browse/SHIRO-460
Related Vulnerabilities
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2020-14968 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2023-22465 Vulnerability in maven package org.http4s:http4s-core_3
CVE-2023-32007 Vulnerability in maven package org.apache.spark:spark-core_2.12