Ldap Injection in PegaSystem 8.2 or less (CVE-2019-16374)
Last active Aug 12, 2020
# Exploit Title: Ldap Injection in Pegasystem
# Date: 16/09/2019
# Vendor Homepage: https://www.pega.com/
# Version: 8.2 or less
# Tested on: linux
# CVE : CVE-2019-16374
Description: Pega Platform 8.2.1 or less allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access
[Additional Information]:
The application accepts an asterisk in the username parameter when it is integrated with LDAP. The XSS filter that sanitizes user input in the login function fails to strip the asterisk ('*') character, so the value reaches the LDAP query as a wildcard; this is what makes the vulnerability exploitable and enables a password spraying attack.
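Added example (not code from the advisory or from Pega): the raw filter concatenation that lets a '*' in a username act as an LDAP wildcard, beside a hardened version that bounds the length, allowlists the character set and escapes the value per RFC 4515. The filter template, the allowlist regex and the 64-character limit are assumptions chosen for illustration.

```python
"""RFC 4515 filter-value escaping and username validation.

Constructed example; the filter template and limits below are assumptions,
not Pega's implementation.
"""
import re

# Characters RFC 4515 requires to be hex-escaped inside an assertion value,
# so that they are matched literally instead of being parsed as filter syntax.
_LDAP_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

MAX_USERNAME_LEN = 64  # assumed bound; the advisory notes the field was unbounded
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # allowlist: rejects '*' outright


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so every character is matched literally."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_filter(username: str) -> str:
    """Raw concatenation: a '*' in the username becomes an LDAP substring wildcard."""
    return f"(&(objectClass=person)(uid={username}))"


def hardened_filter(username: str) -> str:
    """Validate length and character set first, then escape before substitution."""
    if not username or len(username) > MAX_USERNAME_LEN:
        raise ValueError("username length out of range")
    if not USERNAME_RE.match(username):
        raise ValueError("username contains disallowed characters")
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def is_wildcard_filter(ldap_filter: str) -> bool:
    """Detection helper for query logs: an unescaped '*' means a wildcard match."""
    return "*" in ldap_filter
```

Running `is_wildcard_filter` over logged bind filters is a cheap way to spot the wildcard logins described above, since a properly escaped value never contains a bare '*'.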
I found this vulnerability after reviewing the skeleton source code. There are many servers found vulnerable on the internet.
Vendor: PegaSystems
Timeline:
1. Submitted the finding to the vendor and CVE MITRE on September 6th 2019.
2. CVE MITRE responded and assigned a CVE on Sept 16th 2019, but no response was received from the vendor.
3. After continuous follow-up, the vendor finally responded on October 17th 2019 to discuss the issue.