Search Results
There are 6 CVE entries that match your search.
Name |
Description |
CVE-2018-15748 |
On Dell 2335dn printers with Printer Firmware Version 2.70.05.02,
Engine Firmware Version 1.10.65, and Network Firmware Version
V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an
authenticated attacker to retrieve the configured SMTP or LDAP password
by viewing the HTML source code of the Email Settings webpage. In some
cases, authentication can be achieved with the blank default password
for the admin account. NOTE: the vendor indicates that this is an "End
Of Support Life" product.
|
CVE-2013-3107 |
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding
for Active Directory is enabled, allows remote attackers to bypass
authentication by providing a valid username in conjunction with an
empty password.
|
CVE-2012-5629 |
The default configuration of the (1) LdapLoginModule and (2)
LdapExtLoginModule modules in JBoss Enterprise Application Platform
(EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP)
5.2.0 allow remote attackers to bypass authentication via an empty
password.
|
CVE-2008-0604 |
The LDAP authentication feature in XLight FTP Server before 2.83, when
used with some unspecified LDAP servers, does not check for blank
passwords, which allows remote attackers to bypass intended access
restrictions.
|
CVE-2007-3275 |
MailWasher Server before 2.2.1, when used with LDAP or Active
Directory (AD), does not properly handle blank passwords, which allows
remote attackers to access an arbitrary user account and read the spam
e-mail messages stored for that account, possibly related to the
LoginCheck::doPost function in mwi/servlet/Login.cpp. NOTE: some of
these details are obtained from third party information.
|
CVE-2002-0303 |
GroupWise 6, when using LDAP authentication and when Post Office has a
blank username and password, allows attackers to gain privileges of
other users by logging in without a password.
|