Posted by Paul B. Henson on Jan 29
This CVE claims CAS has a vulnerability that “allows remote attackers to
bypass LDAP authentication via crafted wildcards”. My understanding of
an “authentication bypass” vulnerability is one that actually bypasses
authentication, accessing a resource without having to authenticate, as
enumerated at http://cwe.mitre.org/data/definitions/592.html

The actual vulnerability here is that if you are using the LDAP
authenticator…