Main Vulnerability Database Vulnerabilities #VU38943

#VU38943 Improper Authentication in Spring Security - CVE-2014-0097

Published: May 25, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38943

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-0097

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Spring Security

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Remediation

Install update from vendor's website.

External links

https://pivotal.io/security/cve-2014-0097

#VU38943 Improper Authentication in Spring Security - CVE-2014-0097

Description

Remediation

External links

Please verify you're human