CVE-2014-0074

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2014-0074

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-0074.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2014-0074

Downstream

DEBIAN-CVE-2014-0074

Withdrawn

2026-01-27T04:12:24.523699Z

Published

2014-10-06T14:55:08Z

Modified

2026-01-27T04:12:24.523699Z

Summary

[none]

Details

Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

References

http://rhn.redhat.com/errata/RHSA-2014-1351.html
https://issues.apache.org/jira/browse/SHIRO-460
http://seclists.org/fulldisclosure/2014/Mar/22

CVE-2014-0074

Affected packages