CVE-2021-29156
N/A
N/A
Summary
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://portswigger.net/research/hidden-oauth-attack-vectors
- https://bugster.forgerock.org/jira/browse/OPENAM-10135
References
- https://portswigger.net/research/hidden-oauth-attack-vectors
- https://bugster.forgerock.org/jira/browse/OPENAM-10135
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.