PT-2017-6516 · Opendaylight · Opendaylight

David Jorm · Published 2017-06-27 · Updated 2022-05-17 · CVE-2015-1778

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Opendaylight versions prior to Helium SR3

Description

The issue concerns the custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight. This realm will authenticate any username and password combination, which is a significant security flaw.

Recommendations

For versions prior to Helium SR3, update to Helium SR3 or later to resolve the issue.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2015-1778
GHSA-QM24-4869-99PJ

Affected Products

Opendaylight