Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreThe ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Spring Security:
| Fix version | Availability |
|---|---|
| 3.2.2 | OSS |
| 3.1.6 | OSS |
No further mitigation steps are necessary.
This issue was identified by the Spring Development team.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy