Description

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2012-5629

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33337)

WordPress Plugin Salon Booking System Cross-Site Scripting (7.9.3)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584)

WordPress Plugin Smart Slider 3 PRO Cross-Site Scripting (3.5.0.8)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)

Severity

High

Classification

CVE-2012-5629 CWE-264

Tags

Missing Update Known Vulnerabilities