CVE-2015-1169

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.

Configurations

Configuration 1

cpe:2.3:a:apereo:central_authentication_service:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:24

Type | Values Removed | Values Added
References | http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html - Exploit | http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication-Bypass.html - Exploit
References | http://seclists.org/fulldisclosure/2015/Jan/87 - Exploit | http://seclists.org/fulldisclosure/2015/Jan/87 - Exploit
References | https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c | https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c
References | https://github.com/Jasig/cas/pull/411 | https://github.com/Jasig/cas/pull/411
References | https://issues.jasig.org/browse/CAS-1429 - Exploit | https://issues.jasig.org/browse/CAS-1429 - Exploit

Information

Published : 2015-02-10 20:59

Updated : 2024-11-21 02:24


NVD link : CVE-2015-1169

Mitre link : CVE-2015-1169

CVE.ORG link : CVE-2015-1169


Products Affected

apereo

  • central_authentication_service

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')