{"api_version":"1","generated_at":"2026-04-22T23:20:14+00:00","cve":"CVE-2012-5629","urls":{"html":"https://cve.report/CVE-2012-5629","api":"https://cve.report/api/cve/CVE-2012-5629.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-5629","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-5629"},"summary":{"title":"CVE-2012-5629","description":"The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2013-03-12 23:55:00","updated_at":"2023-02-13 00:26:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2013:0233","name":"https://access.redhat.com/errata/RHSA-2013:0233","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569","refsource":"MISC","tags":[],"title":"885569 – (CVE-2012-5629) CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=885569","name":"https://bugzilla.redhat.com/show_bug.cgi?id=885569","refsource":"MISC","tags":[],"title":"Bug 885569 – CVE-2012-5629 JBoss: allows empty password to authenticate against LDAP","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","name":"RHSA-2013:0533","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0231.html","name":"RHSA-2013:0231","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0232","name":"https://access.redhat.com/errata/RHSA-2013:0232","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0234.html","name":"RHSA-2013:0234","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0233.html","name":"RHSA-2013:0233","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0248","name":"https://access.redhat.com/errata/RHSA-2013:0248","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0231","name":"https://access.redhat.com/errata/RHSA-2013:0231","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0229.html","name":"RHSA-2013:0229","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0249","name":"https://access.redhat.com/errata/RHSA-2013:0249","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0234","name":"https://access.redhat.com/errata/RHSA-2013:0234","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0229","name":"https://access.redhat.com/errata/RHSA-2013:0229","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0230","name":"https://access.redhat.com/errata/RHSA-2013:0230","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0586.html","name":"RHSA-2013:0586","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0665","name":"https://access.redhat.com/errata/RHSA-2013:0665","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0230.html","name":"RHSA-2013:0230","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0586","name":"https://access.redhat.com/errata/RHSA-2013:0586","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2012-5629","name":"https://access.redhat.com/security/cve/CVE-2012-5629","refsource":"MISC","tags":[],"title":"CVE-2012-5629 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0248.html","name":"RHSA-2013:0248","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0533","name":"https://access.redhat.com/errata/RHSA-2013:0533","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0232.html","name":"RHSA-2013:0232","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-5629","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5629","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"6.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"5629","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2012-5629","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0533.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0533.html"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569","refsource":"MISC","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0229.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0229.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0230.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0230.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0231.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0231.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0232.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0232.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0233.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0233.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0234.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0234.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0248.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0248.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0586.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0586.html"}]}},"nvd":{"publishedDate":"2013-03-12 23:55:00","lastModifiedDate":"2023-02-13 00:26:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"5629","Ordinal":"58655","Title":"CVE-2012-5629","CVE":"CVE-2012-5629","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"5629","Ordinal":"1","NoteData":"The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password.","Type":"Description","Title":null},{"CveYear":"2012","CveId":"5629","Ordinal":"2","NoteData":"2013-03-12","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"5629","Ordinal":"3","NoteData":"2015-01-13","Type":"Other","Title":"Modified"}]}}}