PROBLEM:
JBoss Operations Network LDAP Authentication Bug Lets Remote Users Bypass Authentication
PLATFORM:
JBoss Operations Network 2.x
ABSTRACT:
A vulnerability was reported in JBoss Operations Network. A remote user can log in with an arbitrary password in certain cases.
REFERENCE LINKS:
SecurityTracker Alert ID: 1026826
Secunia Advisory SA48471
CVE-2012-1100
IMPACT ASSESSMENT:
Medium
Discussion:
The vulnerability is caused by an error in the Lightweight Directory Access Protocol (LDAP) authentication when handling invalid bind account credentials, which can be exploited to log in to LDAP-based accounts by providing an arbitrary password.
Impact:
A remote user can log in with an arbitrary password in certain cases.
Solution:
The vendor has issued a fix for JBoss Operations Network.