Privilege Escalation via Null Password in JBoss Enterprise Application Platform (EAP) and Related Platforms

Privilege Escalation via Null Password in JBoss Enterprise Application Platform (EAP) and Related Platforms

CVE-2012-3369 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:N

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.

Learn more about our Web App Pen Testing.