CVE-2021-29156
Description
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
NVD
Severity: HIGH
CVE ID: CVE-2021-29156
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-29156
Reference: Project Discovery GitHub
guidepointsecurity
Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0.
Reference: GitHub
5amu
Exploit for CVE-2021-29156
Reference: GitHub