CVE-2012-1100
JON: LDAP authentication allows any user access if bind credentials are bad
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-02-14 CVE Reserved
- 2012-03-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (4)
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2012-0396.html | 2014-02-14 | |
http://rhn.redhat.com/errata/RHSA-2012-0406.html | 2014-02-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=799789 | 2012-03-20 | |
https://access.redhat.com/security/cve/CVE-2012-1100 | 2012-03-20 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Operations Network | <= 2.4.1 | - | Affected |
Redhat | Jboss Operations Network | 2.0.0 | - | Affected |
Redhat | Jboss Operations Network | 2.0.1 | - | Affected |
Redhat | Jboss Operations Network | 2.1.0 | - | Affected |
Redhat | Jboss Operations Network | 2.2 | - | Affected |
Redhat | Jboss Operations Network | 2.3 | - | Affected |
Redhat | Jboss Operations Network | 2.3.1 | - | Affected |
Redhat | Jboss Operations Network | 2.4 | - | Affected |
Redhat | Jboss Operations Network | 3.0 | - | Affected |