GHSA-qm24-4869-99pjCriticalCVSS 9.8
Opendaylight will authenticate any username and password combination
🔗 CVE IDs covered (1)
📋 Description
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
🎯 Affected products1
- maven/org.opendaylight.odlparent:opendaylight-karaf-resources:< 0.2.3-Helium-SR3
🔗 References (5)
- https://nvd.nist.gov/vuln/detail/CVE-2015-1778
- http://www.openwall.com/lists/oss-security/2015/03/20/3
- https://web.archive.org/web/20150510044305/https://git.opendaylight.org/gerrit/#/c/16307
- https://web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_Advisories#.5BImportant.5D_CVE-2015-1778_OpenDaylight:_authentication_bypass
- https://github.com/advisories/GHSA-qm24-4869-99pj