CVE-2015-1778

NONE EPSS 84.4%
Published Jun 27, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jun 27, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

Threat Intelligence

EPSS Exploit Probability
84.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

Affected Products 1

VendorProductVersionRange
opendaylightopendaylight*any

References 4

  • openwall.com http://www.openwall.com/lists/oss-security/2015/03/20/3
    Mailing ListVDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/73255
    Third Party AdvisoryVDB Entry
  • cloudrouter.org https://cloudrouter.org/security/
    Third Party Advisory
  • wiki.opendaylight.org https://wiki.opendaylight.org/view/Security_Advisories
    PatchVendor Advisory

Remediation