AI Score: 7.1 (High), Confidence: Low
EPSS: 0.006 (Low), Percentile: 79.4%
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
rhn.redhat.com/errata/RHSA-2014-1351.html
seclists.org/fulldisclosure/2014/Mar/22
issues.apache.org/jira/browse/SHIRO-460