Authentication flaw

The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...

CVE-2012-5629

The CVE-2012-5629 issue affects JBoss EAP/EWP: default configurations of LdapLoginModule and LdapExtLoginModule in EAP 4.3.0 CP10, 5.2.0, 6.0.1 and EWP 5.2.0 allow remote attackers to bypass authentication by supplying an empty password. The vulnerability is an authentication bypass in the LDAP l...