Authentication Bypass in Apache Geronimo 2.0
CVE-2007-4548
Currently unrated
Summary
The login method in specific LoginModule implementations within Apache Geronimo 2.0 does not properly handle failed login attempts, which allows attackers to bypass authentication. A remote attacker can provide blank credentials through the command-line deployer in the deployment module to deploy arbitrary modules and potentially gain administrative access. This can lead to unauthorized access to, and manipulation of, deployed applications.
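The failure handling described above, shown as a hardened JAAS `LoginModule`. This is an added example, not Geronimo's code or its fix; the class name `StrictLoginModule`, the `verify` helper and the sample account are constructed for illustration. It relies on the standard JAAS contract, in which `login()` signals failure by throwing and a `false` return means "ignore this module".

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
// Added example, not Geronimo source. Class name and sample account are constructed.
public class StrictLoginModule implements LoginModule {
    private CallbackHandler handler;
    private boolean succeeded;
    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
    }
    @Override
    public boolean login() throws LoginException {
        succeeded = false;
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        String user = name.getName();
        char[] pw = pass.getPassword();
        pass.clearPassword();
        // Blank or missing credentials are a failed login, not "nothing to check".
        if (user == null || user.trim().isEmpty() || pw == null || pw.length == 0) {
            throw new FailedLoginException("blank credentials rejected");
        }
        // Returning false would tell JAAS to ignore this module; failure must be an exception.
        if (!verify(user, pw)) {
            throw new FailedLoginException("invalid credentials");
        }
        succeeded = true;
        return true;
    }
    // Hypothetical check against one constructed account; a real module queries its realm.
    private static boolean verify(String user, char[] pw) {
        return "deployer".equals(user) && Arrays.equals("constructed-sample".toCharArray(), pw);
    }
    @Override public boolean commit() { return succeeded; }
    @Override public boolean abort() { succeeded = false; return true; }
    @Override public boolean logout() { succeeded = false; return true; }
}
```

Code that calls such a module should treat only a normal return from `LoginContext.login()` as success and any `LoginException` as a denied request.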
Timeline
Vulnerability Reserved
Vulnerability published