Last active
August 12, 2020 16:20
-
-
Save IAG0110/0205823570ba04ec12e656f7f4602877 to your computer and use it in GitHub Desktop.
Ldap Injection in PegaSystem 8.2 or less )CVE-2019-16374)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Ldap Injection in Pegasystem | |
| # Date: 16/09/2019 | |
| # Vendor Homepage: https://www.pega.com/ | |
| # Version: 8.2 or less | |
| # Tested on: linux | |
| # CVE : CVE-2019-16374 | |
| Description: Pega Platform 8.2.1 or less allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access | |
| [Additional Information]: | |
| Application allows asterisk in the username parameter where the application is integrated with LDAP. The XSS filter implemented in sanitizing the user input at login function is failed to filter out the asterisk '*' value which allowed to exploit this vulnerability and lead to password spraying attack. | |
| I found this vulnerability after reviewing the skeleton source code. There are many servers found vulnerable in the internet. | |
| Vendor: PegaSystems | |
| Timeline: | |
| 1. Submitted the finding to vendor and CVEmitre on September 6th 2019. | |
| 2. CVEmitre responded and assigned a CVE on Sept 16th 2019. But, No response received from vendor | |
| 3. After continuous followup with vendor, finally responded back on October 17th 2019 to discuss on the issue.. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment