Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreThe ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Users of affected versions should apply the following mitigation:
This issue was identified by the Spring Development team.
2014-Mar-11: Initial vulnerability report published
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy