Description
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
Mitigation
We recommend upgrading to a version of this component that is not vulnerable to this specific issue.
Workaround:
A potential workaround is to not use a WS-SecurityPolicy that uses a plaintext `UsernameToken`. Documentation regarding this can be found at the link below:
http://docs.oasis-open.org/ws-sx/security-policy/examples/ws-sp-usecases-examples.html#_Toc274723235
