Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Ldap Injection in PegaSystem 8.2 or less )CVE-2019-16374)
# Exploit Title: Ldap Injection in Pegasystem
# Date: 16/09/2019
# Vendor Homepage: https://www.pega.com/
# Version: 8.2 or less
# Tested on: linux
# CVE : CVE-2019-16374
Description: Pega Platform 8.2.1 or less allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access
[Additional Information]:
Application allows asterisk in the username parameter where the application is integrated with LDAP. The XSS filter implemented in sanitizing the user input at login function is failed to filter out the asterisk '*' value which allowed to exploit this vulnerability and lead to password spraying attack.
I found this vulnerability after reviewing the skeleton source code. There are many servers found vulnerable in the internet.
Vendor: PegaSystems
Timeline:
1. Submitted the finding to vendor and CVEmitre on September 6th 2019.
2. CVEmitre responded and assigned a CVE on Sept 16th 2019. But, No response received from vendor
3. After continuous followup with vendor, finally responded back on October 17th 2019 to discuss on the issue..
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment