CVE-2014-0097
N/A
N/A
Summary
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pivotal | Spring Security | 3.2.0 to 3.2.1 | affected |
| Pivotal | Spring Security | 3.1.0 to 3.1.5 | affected |
Weaknesses
- Authentication Bypass
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.