Description
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-1351.html
https://issues.apache.org/jira/browse/SHIRO-460
http://seclists.org/fulldisclosure/2014/Mar/22
Related Vulnerabilities
CVE-2020-11022 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery
CVE-2020-28249 Vulnerability in npm package joplin
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view
CVE-2021-32819 Vulnerability in npm package squirrelly
CVE-2021-46365 Vulnerability in maven package info.magnolia:magnolia-core