Unauthenticated Bind Bypass Vulnerability in Apache Shiro

CVE-2014-0074 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
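An added example, not code from Apache Shiro or from this advisory: a client-side guard, written against plain JNDI, that refuses an empty username or password before the simple bind, so a directory with unauthenticated bind enabled is never asked to accept them. The class name, method names, host and DNs are assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindGuard {  // hypothetical class, for illustration only

    /** Rejects credentials that a server could treat as an unauthenticated or anonymous bind. */
    static void requireNonEmpty(String userDn, char[] password) throws AuthenticationException {
        if (userDn == null || userDn.trim().isEmpty()) {
            throw new AuthenticationException("empty username rejected before bind");
        }
        if (password == null || password.length == 0) {
            throw new AuthenticationException("empty password rejected before bind");
        }
    }

    /** Simple bind as the user; the guard runs before any network traffic is sent. */
    static DirContext bindAsUser(String ldapUrl, String userDn, char[] password) throws NamingException {
        requireNonEmpty(userDn, password);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);  // throws if the server refuses the bind
    }

    public static void main(String[] args) {
        // Constructed sample inputs. The placeholder host is never contacted,
        // because every case below fails the guard first.
        String url = "ldap://ldap.example.test:389";
        String[][] cases = {
            {"uid=alice,ou=people,dc=example,dc=test", ""},  // empty password
            {"", "secret"},                                   // empty username
            {"   ", "secret"},                                // whitespace-only username
        };
        for (String[] c : cases) {
            try {
                bindAsUser(url, c[0], c[1].toCharArray()).close();
                System.out.println("bound: " + c[0]);
            } catch (NamingException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

A guard like this applies to code that performs its own LDAP binds; for Shiro itself, the affected range given above ends at 1.2.3.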
