Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
References
Configurations
History
No history.
Information
Published : 2015-02-10 20:59
Updated : 2024-02-04 18:35
NVD link : CVE-2015-1169
Mitre link : CVE-2015-1169
CVE.ORG link : CVE-2015-1169
JSON object : View
Products Affected
apereo
- central_authentication_service
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')