The jboss-as-domain-management and jbosssx (now part of PicketLink) modules under default conditions allow users to authenticate with a blank password when LDAP authentication is configured and unauthenticated authentication is supported by the LDAP server. This is in violation of the recommendations of RFC 4513, which states that clients should disallow empty passwords as input to a name/password authentication interface, and not allow the input of an empty password to trigger the selection of the unauthenticated authentication mechanism.
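The failure mode above comes from RFC 4513 simple-bind mechanism selection: a non-empty name with an empty password is an *unauthenticated* bind, which a permissive server accepts while leaving the session anonymous, so a client that treats "bind succeeded" as "user authenticated" lets anyone in. The following is an added example, not code from JBoss or PicketLink: a toy server-side bind() modelling the RFC 4513 rules over a constructed one-user directory, the unguarded client logic that mirrors the flaw, and a hardened version that refuses empty passwords before binding and also checks that the bind actually authenticated the named entry.

```python
"""Model of RFC 4513 simple-bind mechanism selection and a client-side guard."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample directory: DN -> password (real servers compare hashes).
DIRECTORY = {"uid=alice,ou=people,dc=example,dc=com": "correct horse"}


@dataclass(frozen=True)
class BindResult:
    success: bool
    mechanism: str                    # "anonymous", "unauthenticated", "name/password"
    authenticated_dn: Optional[str]   # None: the bound session is anonymous


def ldap_simple_bind(name: str, password: str, allow_unauthenticated: bool) -> BindResult:
    """Server side, following RFC 4513 section 5.1:
    - empty name and empty password   -> anonymous bind, always succeeds
    - non-empty name, empty password  -> unauthenticated bind; succeeds only if the
                                          server permits it, session stays anonymous
    - non-empty password              -> name/password, verified against the directory
    """
    if not name and not password:
        return BindResult(True, "anonymous", None)
    if name and not password:
        if allow_unauthenticated:
            return BindResult(True, "unauthenticated", None)
        return BindResult(False, "unauthenticated", None)   # unwillingToPerform
    if name and DIRECTORY.get(name) == password:
        return BindResult(True, "name/password", name)
    return BindResult(False, "name/password", None)         # invalidCredentials


def authenticate_unguarded(name: str, password: str, allow_unauthenticated: bool = True) -> bool:
    """Mirrors the flaw: any successful bind is treated as a successful login."""
    return ldap_simple_bind(name, password, allow_unauthenticated).success


def authenticate_hardened(name: str, password: str, allow_unauthenticated: bool = True) -> bool:
    """Fix per RFC 4513: reject empty input before the bind is attempted, and only
    accept a bind that authenticated the named entry (never an anonymous session)."""
    if not name or not password:
        return False
    result = ldap_simple_bind(name, password, allow_unauthenticated)
    return result.success and result.authenticated_dn == name
```

Note that the hardened check is effective even when the directory server permits unauthenticated binds; disabling that mechanism server-side is a second, independent layer.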
This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6. Via RHSA-2013:0230 https://rhn.redhat.com/errata/RHSA-2013-0230.html
This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6. Via RHSA-2013:0229 https://rhn.redhat.com/errata/RHSA-2013-0229.html
This issue has been addressed in the following products: JBEAP 6 for RHEL 5, JBEAP 6 for RHEL 6. Via RHSA-2013:0231 https://rhn.redhat.com/errata/RHSA-2013-0231.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.0.1. Via RHSA-2013:0234 https://rhn.redhat.com/errata/RHSA-2013-0234.html
This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.2.0. Via RHSA-2013:0233 https://rhn.redhat.com/errata/RHSA-2013-0233.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 5.2.0. Via RHSA-2013:0232 https://rhn.redhat.com/errata/RHSA-2013-0232.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 4.3.0 CP10. Via RHSA-2013:0248 https://rhn.redhat.com/errata/RHSA-2013-0248.html
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 4, JBEAP 4.3.0 for RHEL 5. Via RHSA-2013:0249 https://rhn.redhat.com/errata/RHSA-2013-0249.html
This issue has been addressed in the following products: JBoss Enterprise BRMS Platform 5.3.1, JBoss Enterprise Portal Platform 4.3.0 CP07, JBoss Enterprise Portal Platform 5.2.2, JBoss Enterprise SOA Platform 4.2.0 CP05, JBoss Enterprise SOA Platform 4.3.0 CP05. Via RHSA-2013:0586 https://rhn.redhat.com/errata/RHSA-2013-0586.html
This issue has been addressed in the following products: JBoss Data Grid 6.1.0. Via RHSA-2013:0665 https://rhn.redhat.com/errata/RHSA-2013-0665.html