2 matches found
CVE-2014-0074
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty 1 username or 2 password...
CVE-2014-0074
CVE-2014-0074 affects Apache Shiro 1.x before 1.2.3 when an LDAP server allows unauthenticated binds, enabling bypass of authentication. The Red Hat advisory RHSA-2014:1369 notes this issue is addressed in Fuse ESB Enterprise/MQ Enterprise 7.1.0 with Rollup Patch 1 (7.1.0 R1 P6). The vulnerabilit...