Vulnerability Description
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Application Platform | 4.3.0 |
| Red Hat | JBoss Enterprise Web Platform | 5.2.0 |
Related Weaknesses (CWE)
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569
- http://rhn.redhat.com/errata/RHSA-2013-0229.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0230.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0231.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0232.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0233.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0234.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0248.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://rhn.redhat.com/errata/RHSA-2013-0586.html
FAQ
What is CVE-2012-5629?
CVE-2012-5629 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5...
How severe is CVE-2012-5629?
CVE-2012-5629 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5629?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Enterprise Web Platform.