Vulnerability Description
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
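As an added illustration (not code from the CAS project or from the references below), the following Python sketch shows the standard mitigation for this class of bug: escaping a user-supplied value per RFC 4515 before it is placed in an LDAP search filter, and requiring exactly one directory match before proceeding. The in-memory directory and the toy `search_uids` matcher are constructed for the example and stand in for a real LDAP server.

```python
import re

# Constructed sample directory for this example: uid -> DN.
DIRECTORY = {
    "alice": "uid=alice,ou=people,dc=example,dc=org",
    "bob": "uid=bob,ou=people,dc=example,dc=org",
    "carol": "uid=carol,ou=people,dc=example,dc=org",
}

# RFC 4515 section 3: these characters must be encoded as \XX inside filter values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _assertion_to_regex(assertion: str) -> re.Pattern:
    """Toy model of server-side matching for (uid=<assertion>): an unescaped '*'
    is a wildcard, a \\XX sequence is a literal character, all else is literal."""
    parts = []
    for piece in re.split(r"(\\[0-9a-fA-F]{2}|\*)", assertion):
        if piece == "*":
            parts.append(".*")
        elif re.fullmatch(r"\\[0-9a-fA-F]{2}", piece):
            parts.append(re.escape(chr(int(piece[1:], 16))))
        else:
            parts.append(re.escape(piece))
    return re.compile("".join(parts), re.DOTALL)


def search_uids(filter_assertion: str) -> list:
    """Return the DNs whose uid matches the assertion, in directory order.
    Splicing a raw username in here is the pattern the advisory describes."""
    pattern = _assertion_to_regex(filter_assertion)
    return [dn for uid, dn in DIRECTORY.items() if pattern.fullmatch(uid)]


def resolve_user_dn(username: str):
    """Defensive lookup: escape the username and insist on exactly one match.
    Returns the DN to bind as, or None if the lookup is ambiguous or empty."""
    matches = search_uids(escape_filter_value(username))
    return matches[0] if len(matches) == 1 else None
```

A wildcard username matches every entry when spliced in raw, but matches nothing once escaped, and the uniqueness check rejects any ambiguous result before a bind is attempted.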
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apereo | Central Authentication Service | <= 3.5.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/130053/CAS-Server-3.5.2-LDAP-Authentication (Exploit)
- http://seclists.org/fulldisclosure/2015/Jan/87 (Exploit)
- https://github.com/Jasig/cas/commit/7de61b4c6244af9ff8e75a2c92a570f3b075309c
- https://github.com/Jasig/cas/pull/411
- https://issues.jasig.org/browse/CAS-1429 (Exploit)
FAQ
What is CVE-2015-1169?
CVE-2015-1169 is a vulnerability with a CVSS score of 7.5 (HIGH). Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
How severe is CVE-2015-1169?
CVE-2015-1169 has been rated HIGH with a CVSS base score of 7.5/10. See the CVSS Score section above.
Is there a patch for CVE-2015-1169?
Check the references section above for vendor advisories and patch information. Affected products include: Apereo Central Authentication Service.