The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOpendaylight
APPOpendaylightwszystkie wersje
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References
Related vulnerabilities
CVE-2017-1000411HIGH7.5ten sam produkt
OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi conta...
CVE-2017-1000357HIGH7.5ten sam produkt
Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulne...
CVE-2017-1000361HIGH7.5ten sam produkt
DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launche...
CVE-2017-1000359MEDIUM5.3ten sam produkt
Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-x...
CVE-2017-1000358MEDIUM6.5ten sam produkt
Controller throws an exception and does not allow user to add subsequent flow for a particular switch. Compone...