CVE-2012-1100

JON: LDAP authentication allows any user access if bind credentials are bad

  • Severity Score: 5.8 (CVSS v2)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2012-02-14 CVE Reserved
  • 2012-03-19 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Redhat | Jboss Operations Network | <= 2.4.1 | - | Affected
Redhat | Jboss Operations Network | 2.0.0 | - | Affected
Redhat | Jboss Operations Network | 2.0.1 | - | Affected
Redhat | Jboss Operations Network | 2.1.0 | - | Affected
Redhat | Jboss Operations Network | 2.2 | - | Affected
Redhat | Jboss Operations Network | 2.3 | - | Affected
Redhat | Jboss Operations Network | 2.3.1 | - | Affected
Redhat | Jboss Operations Network | 2.4 | - | Affected
Redhat | Jboss Operations Network | 3.0 | - | Affected