Authentication Bypass in Apache Shiro 1.x
CVE-2014-0074

Currently unrated

Key Information:

Vendor

Apache
Status
Shiro
Vendor
CVE Published:
6 October 2014

What is CVE-2014-0074?

Apache Shiro versions prior to 1.2.3 are susceptible to an authentication bypass issue when configured to use an LDAP server with unauthenticated bind enabled. This vulnerability permits remote attackers to bypass authentication by exploiting the system with an empty username or password. As a result, unauthorized access to the affected system may occur, potentially compromising sensitive data and undermining application security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://seclists.org/fulldisclosure/2014/Mar/22
mailing-listx_refsource_FULLDISC
https://issues.apache.org/jira/browse/SHIRO-460
x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2014-1351.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.