CVE-2015-1778: Opendaylight will authenticate any username and password combination

Severity: Critical

CVSS Score: 9.8

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.