Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2012-0396.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2012-0406.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=799789 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-02-14T15:00:00
Updated: 2014-02-14T14:57:01
Reserved: 2012-02-14T00:00:00
Link: CVE-2012-1100
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-02-14T15:55:04.813
Modified: 2014-02-14T19:19:22.383
Link: CVE-2012-1100
JSON object: View
Redhat Information
No data.
CWE