User: Password:
Subscribe / Log in / New account

springframework-security: authentication bypass

Package(s):springframework-security CVE #(s):CVE-2014-0097
Created:March 21, 2014 Updated:March 26, 2014
Description: From the Red Hat bugzilla entry:

It was found that empty passwords could bypass authentication. From the original advisory:

"The ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password."

Fedora FEDORA-2014-3812 springframework-security 2014-03-21
Fedora FEDORA-2014-3811 springframework-security 2014-03-21

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds