Vulnerability Details CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 85.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2015/03/20/3
- http://www.securityfocus.com/bid/73255
- https://cloudrouter.org/security/
- https://wiki.opendaylight.org/view/Security_Advisories
- http://www.openwall.com/lists/oss-security/2015/03/20/3
- http://www.securityfocus.com/bid/73255
- https://cloudrouter.org/security/
- https://wiki.opendaylight.org/view/Security_Advisories
Products affected by CVE-2015-1778
-
cpe:2.3:a:opendaylight:opendaylight:-