Auth bypass in Apache Qpid

CVE-2012-3467

Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.

Vulnerability class: Broken Authentication

EPSS: 0.011 (78.8th percentile) — read the EPSS interpretation.

Affected products

Apache Qpid — versions 0.5, 0.6, 0.14
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

secalert@redhat.com (x_refsource_CONFIRM)
50186 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
54954 (vdb-entry, x_refsource_BID)
RHSA-2012:1279 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
apache-qpid-broker-sec-bypass(77568) (vdb-entry, x_refsource_XF)
RHSA-2012:1277 (x_refsource_REDHAT, vendor-advisory)
50698 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_MISC)
[oss-security] 20120809 CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections (mailing-list, x_refsource_MLIST)