Critical severity9.8NVD Advisory· Published Jun 27, 2017· Updated May 13, 2026

CVE-2015-1778

Description

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.opendaylight.odlparent:opendaylight-karaf-resourcesMaven	< 0.2.3-Helium-SR3	0.2.3-Helium-SR3

Affected products

Opendaylight/Opendaylight
cpe:2.3:a:opendaylight:opendaylight:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wiki.opendaylight.org/view/Security_AdvisoriesnvdPatchVendor Advisory
www.securityfocus.com/bid/73255nvdThird Party AdvisoryVDB Entry
cloudrouter.org/security/nvdThird Party Advisory
github.com/advisories/GHSA-qm24-4869-99pjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-1778ghsaADVISORY
www.openwall.com/lists/oss-security/2015/03/20/3nvdMailing ListVDB EntryWEB
web.archive.org/web/20150510044305/https://git.opendaylight.org/gerrit/ghsaWEB
web.archive.org/web/20150510044305/https://wiki.opendaylight.org/view/Security_AdvisoriesghsaWEB
opendaylight-karaf-resourcesghsaPACKAGE

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000