Description
Opendaylight will authenticate any username and password combination
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-1778
- https://web.archive.org/web/20150510044305/https://git.opendaylight.org/gerrit/#/c/16307
- https://web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_Advisories#.5BImportant.5D_CVE-2015-1778_OpenDaylight:_authentication_bypass
- http://www.openwall.com/lists/oss-security/2015/03/20/3
Packages
Name: org.opendaylight.odlparent:opendaylight-karaf-resources (maven)
Affected versions: < 0.2.3-Helium-SR3
Fixed version: 0.2.3-Helium-SR3
Related vulnerabilities
CVSS3: 9.8
nvd
more than 8 years ago
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.