
U-130: JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

March 21, 2012 - 7:00am


PROBLEM:

JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication

PLATFORM:

JBoss Operations Network 2.x

ABSTRACT:

A vulnerability was reported in JBoss Operations Network. A remote user can log in with an arbitrary password in certain cases.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026826
Secunia Advisory SA48471
CVE-2012-1100

IMPACT ASSESSMENT:

Medium

Discussion:

The vulnerability is caused by an error in the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log in to LDAP-based accounts by providing an arbitrary password.

Impact:

A remote user can log in with an arbitrary password in certain cases.

Solution:

The vendor has issued a fix for JBoss Operations Network.
