Debian Linux Security Advisory 4046-1 - Tobias Schneider discovered that libspring-ldap-java, a Java library for Spring-based applications using the Lightweight Directory Access Protocol, would under some circumstances allow authentication with a correct username but an arbitrary password.
789874a18cb856c045736564d9bfd47951182babe70743be5d57e37291753cc7