PT-2007-5719 · Apache · Apache Geronimo

Donald Woods

·

Published

2007-08-27

·

Updated

2008-09-05

·

CVE-2007-4548

CVSS v2.0

10

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache Geronimo version 2.0

Description

The login method in Geronimo's LoginModule implementations does not handle a failed login correctly: instead of throwing a FailedLoginException, it returns normally. Because the surrounding authentication code only recognises a failure when that exception is thrown, a login with a blank username and blank password is accepted as successful. A remote attacker can use this to bypass authentication against the deployer, deploy arbitrary modules, and thereby gain administrative control of the server.

Recommendations

For Apache Geronimo version 2.0, a temporary workaround is to replace the affected LoginModule with a custom implementation whose login method throws a FailedLoginException on every failed attempt, including attempts with empty credentials. Restrict network access to the deployment interface to minimize exposure while the workaround is in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
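The following is an added example and is not code from Apache Geronimo or from this advisory. It contrasts a JAAS LoginModule written in the defective style described above (a failed check is recorded as "not succeeded" but login() returns normally) with one that follows the JAAS contract and throws FailedLoginException on every failure, including blank credentials. The user store, class names and credentials are hypothetical.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class LoginModuleDemo {

    // Hypothetical in-memory user store standing in for a properties-file realm.
    static final Map<String, String> USERS = Map.of("system", "manager");

    // Shared JAAS plumbing; only login() differs between the two modules below.
    static abstract class BaseLoginModule implements LoginModule {
        protected CallbackHandler handler;
        protected boolean loginSucceeded;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.handler = handler;
        }

        // Collect username and password through the framework-supplied CallbackHandler.
        protected String[] credentials() throws LoginException {
            NameCallback nc = new NameCallback("user");
            PasswordCallback pc = new PasswordCallback("password", false);
            try {
                handler.handle(new Callback[] { nc, pc });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e);
            }
            char[] pw = pc.getPassword();
            return new String[] { nc.getName(), pw == null ? null : new String(pw) };
        }

        public boolean commit() { return loginSucceeded; }
        public boolean abort()  { loginSucceeded = false; return true; }
        public boolean logout() { loginSucceeded = false; return true; }
    }

    // Defective pattern: a bad or blank credential only flips a flag and returns
    // false. A caller that equates "no exception" with success lets it through.
    static class VulnerableLoginModule extends BaseLoginModule {
        public boolean login() throws LoginException {
            String[] cred = credentials();
            String expected = USERS.get(cred[0]);
            loginSucceeded = expected != null && expected.equals(cred[1]);
            return loginSucceeded; // false on failure, but nothing is thrown
        }
    }

    // Corrected pattern: every failed attempt throws FailedLoginException, so the
    // failure is visible whichever way the caller checks the result.
    static class FixedLoginModule extends BaseLoginModule {
        public boolean login() throws LoginException {
            String[] cred = credentials();
            if (cred[0] == null || cred[0].isEmpty() || cred[1] == null || cred[1].isEmpty()) {
                throw new FailedLoginException("blank username or password");
            }
            String expected = USERS.get(cred[0]);
            if (expected == null || !expected.equals(cred[1])) {
                throw new FailedLoginException("bad username or password");
            }
            loginSucceeded = true;
            return true;
        }
    }

    // Supplies fixed credentials to the module, as a deployer client would.
    static CallbackHandler fixedCredentials(String user, String pass) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
            }
        };
    }

    static String attempt(LoginModule module, String user, String pass) {
        module.initialize(new Subject(), fixedCredentials(user, pass), Map.of(), Map.of());
        try {
            return "login() returned " + module.login();
        } catch (LoginException e) {
            return "threw " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        for (String[] c : new String[][] { { "", "" }, { "system", "wrong" }, { "system", "manager" } }) {
            System.out.printf("[%s/%s]%n  vulnerable: %s%n  fixed:      %s%n", c[0], c[1],
                attempt(new VulnerableLoginModule(), c[0], c[1]),
                attempt(new FixedLoginModule(), c[0], c[1]));
        }
    }
}
```

Under the JAAS contract a `false` return from `login()` means "this module should be ignored", not "authentication failed", so a framework that stacks modules or that treats any non-throwing `login()` as success can accept the blank-credential attempt the vulnerable module silently rejects. When auditing a custom module, the check is simple: every path that does not establish an authenticated principal must end in a thrown `FailedLoginException`, and empty or null credentials must be rejected before any lookup.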

Improper Authentication


Weakness Enumeration

Related identifiers

CVE-2007-4548

Affected products

Apache Geronimo