Unrated severityNVD Advisory· Published Mar 12, 2013· Updated Apr 29, 2026

CVE-2012-5629

Description

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.

Affected products

Red Hat/Jboss Enterprise Application Platform3 versions
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*
Red Hat/Jboss Enterprise Web Platform
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0229.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0230.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0231.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0232.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0233.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0234.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0248.htmlnvdVendor Advisory
bugzilla.redhat.com/bugzilla/show_bug.cginvd
rhn.redhat.com/errata/RHSA-2013-0533.htmlnvd
rhn.redhat.com/errata/RHSA-2013-0586.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000