Common Vulnerabilities and Exposures |
|
||||
Search Results
There are 5 CVE entries that match your search.
| Name | Description |
|---|---|
| CVE-2013-3107 | VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. |
| CVE-2012-5629 | The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. |
| CVE-2008-0604 | The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. |
| CVE-2007-3275 | MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of these details are obtained from third party information. |
| CVE-2002-0303 | GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. |
|
You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org
|
||
