A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-04T12:39:36.239Z

Reserved: 2020-06-17T00:00:00

Link: CVE-2020-14299

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-16T14:15:11.533

Modified: 2024-11-21T05:02:57.350

Link: CVE-2020-14299

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-10-13T00:00:00Z

Links: CVE-2020-14299 - Bugzilla

cve-icon OpenCVE Enrichment

No data.