Main Vulnerability Database SB2017052518

SB2017052518 - Improper Authentication in VMware, Spring Security

Published: May 25, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017052518

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authentication (CVE-ID: CVE-2014-0097)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Remediation

Install update from vendor's website.

References

https://pivotal.io/security/cve-2014-0097