Internet2 · Internet2 Grouper · CVE-2024-39848
**Name of the Vulnerable Software and Affected Versions**
Internet2 Grouper versions prior to 5.6
Grouper for Web Services versions prior to 4.13.1
**Description**
The issue allows authentication bypass when LDAP authentication is used in certain ways. This is related to the `internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication` class and the use of the `UyY29r` password for the `M3vwHr` account.
**Recommendations**
For Internet2 Grouper versions prior to 5.6, update to version 5.6 or later.
For Grouper for Web Services versions prior to 4.13.1, update to version 4.13.1 or later.
As a temporary workaround, consider restricting the use of LDAP authentication until the update to a fixed version has been applied.