JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication
JBoss Operations Network 2.x
A vulnerability was reported in JBoss Operations Network. A remote user can login with an arbitrary password in certain cases.
The vulnerability is caused due to an error within the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log-in to LDAP-based accounts by providing an arbitrary password.
A remote user can login with an arbitrary password in certain cases.
The vendor has issued a fix for JBoss Operations Network.