LDAP Injection Flaw in Apereo Central Authentication Service Server
CVE-2015-1169

Currently unrated

Key Information:

Vendor

Apereo

CVE Published:
10 February 2015

What is CVE-2015-1169?

The Apereo Central Authentication Service Server prior to version 3.5.3 is susceptible to LDAP injection attacks. An attacker can exploit this vulnerability by submitting specially crafted usernames, leveraging wildcards in the LDAP queries. This enables an attacker to bypass authentication mechanisms, potentially gaining unauthorized access to sensitive systems and data. Proper validation and sanitization of user inputs are essential to mitigate this security risk.
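The effect of an unescaped wildcard in a username, and of escaping it per RFC 4515 before it reaches the search filter, is shown in this added example. It is not Apereo's code or the fix shipped in CAS; the `uid` attribute, the function names, the sample directory and the toy matcher are assumptions made for illustration.

```python
import re

# Characters RFC 4515 requires to be escaped in a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def naive_filter(username: str) -> str:
    # Vulnerable pattern: the username is concatenated into the filter as-is.
    return f"(uid={username})"

def safe_filter(username: str) -> str:
    # Hardened pattern: metacharacters become \XX hex escapes first.
    return f"(uid={escape_filter_value(username)})"

def simulated_search(filter_str: str, directory: list[str]) -> list[str]:
    """Toy matcher for a single (uid=...) filter, enough to show the effect.

    An unescaped '*' is a wildcard; a \\XX escape stands for a literal character.
    """
    value = re.fullmatch(r"\(uid=(.*)\)", filter_str, re.S).group(1)
    pattern = ""
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", value, re.S):
        if tok == "*":
            pattern += ".*"                      # wildcard reaches the directory
        elif len(tok) == 3:
            pattern += re.escape(chr(int(tok[1:], 16)))  # escaped literal
        else:
            pattern += re.escape(tok)
    return [uid for uid in directory if re.fullmatch(pattern, uid, re.S)]

# Constructed sample directory and submitted username (not real data).
DIRECTORY = ["alice", "albert", "bob"]
SUBMITTED = "al*"

def demo() -> dict:
    """Entries matched by the naive and the escaped filter for SUBMITTED."""
    return {
        "naive": simulated_search(naive_filter(SUBMITTED), DIRECTORY),
        "safe": simulated_search(safe_filter(SUBMITTED), DIRECTORY),
    }
```

With the escaped filter the submitted string is compared as a literal username, so it matches no entry unless an account with exactly that name exists.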

Timeline

  • Vulnerability published

  • Vulnerability Reserved
