Insecure Custom Authentication Realm in Opendaylight's Karaf-Tomcat opendaylight Realm

Insecure Custom Authentication Realm in Opendaylight's Karaf-Tomcat opendaylight Realm

CVE-2015-1778 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

Learn more about our Cis Benchmark Audit For Apache Tomcat.