Open WebUI 'LDAP Empty Password' - Authentication Bypass

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server. The LdapForm Pydantic model accep...

Medtronic MyCareLink Patient Monitor 安全漏洞

Medtronic MyCareLink Patient Monitor is an open source monitoring system for remote patient monitoring from Medtronic in the United States. A security vulnerability exists in Medtronic MyCareLink Patient Monitor versions prior to 2025.6.25, which stems from the use of an empty password for the...

JBoss: allows empty password to authenticate against LDAP

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...