Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
References
Configurations
History
21 Nov 2024, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html - Exploit | |
References | () http://seclists.org/fulldisclosure/2015/Jan/87 - Exploit | |
References | () https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c - | |
References | () https://github.com/Jasig/cas/pull/411 - | |
References | () https://issues.jasig.org/browse/CAS-1429 - Exploit |
Information
Published : 2015-02-10 20:59
Updated : 2024-11-21 02:24
NVD link : CVE-2015-1169
Mitre link : CVE-2015-1169
CVE.ORG link : CVE-2015-1169
JSON object : View
Products Affected
apereo
- central_authentication_service
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')