hackerone / whoisbinit / H1:1278050
History: Jul 26, 2021 - 2:28 p.m.

U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

2021-07-26 14:28:23
whoisbinit
hackerone.com
79
forgerock openam
ldap injection
webfinger protocol
cve-2021-29156
u.s. dept of defense
nist
portswigger
github
injection vulnerability
security breach
bug bounty

EPSS: 0.414

Percentile: 97.4%

Description:
https://████████ is vulnerable to CVE-2021-29156.

References

Impact

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
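As an added defensive illustration (not code from this report or from ForgeRock), assuming a hypothetical WebFinger handler that looks up the `acct:` local-part of the `resource` parameter in LDAP: the unsafe builder passes filter metacharacters straight into the query, while the hardened builder escapes them per RFC 4515 so the value is always treated as a literal.

```python
import re

# RFC 4515 escaping for values placed inside an LDAP search filter.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied string so it is a literal inside an LDAP filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Hypothetical WebFinger handler (RFC 7033): the 'resource' query parameter is
# expected to look like acct:alice@example.com; the local-part selects the entry.
_ACCT_RE = re.compile(r"^acct:([^@]+)@([^@]+)$")


def parse_acct_resource(resource: str):
    m = _ACCT_RE.match(resource)
    if not m:
        raise ValueError("resource must be of the form acct:user@host")
    return m.group(1), m.group(2)


def build_filter_unsafe(resource: str) -> str:
    # Vulnerable pattern: raw user input concatenated into the filter, so
    # metacharacters such as '*', '(' and ')' change the filter's structure.
    user, _ = parse_acct_resource(resource)
    return f"(&(objectClass=inetOrgPerson)(uid={user}))"


def build_filter_safe(resource: str) -> str:
    # Hardened pattern: escape the value before it reaches the filter.
    user, _ = parse_acct_resource(resource)
    return f"(&(objectClass=inetOrgPerson)(uid={escape_ldap_filter_value(user)}))"


if __name__ == "__main__":
    # Constructed sample input: a wildcard in the local-part.
    print(build_filter_unsafe("acct:*@example.com"))  # wildcard survives
    print(build_filter_safe("acct:*@example.com"))    # wildcard neutralised
```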

System Host(s)

████████

Affected Product(s) and Version(s)

CVE Numbers

CVE-2021-29156

Steps to Reproduce

The references mentioned shall be helpful for successful reproduction.

Suggested Mitigation/Remediation Actions