QwikSec

Security Database

CVE

CWE

Training

CVE-2015-6524

Published: Aug 24, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2015-701a1e1a5f

vendor-advisory

x_refsource_FEDORA

http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt

x_refsource_CONFIRM

FEDORA-2015-5622085024

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.