CVE-2014-0074

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.x before 1.2.3

Description The issue allows remote attackers to bypass authentication when using an LDAP server with unauthenticated bind enabled. This can be achieved by providing an empty username or password.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the use of unauthenticated bind with the LDAP server until the update is applied. Restrict access to the LDAP authentication mechanism to minimize the risk of exploitation.