nuclei-templates/cves/2021/CVE-2021-29156.yaml

27 lines
978 B
YAML

id: CVE-2021-29156
info:
name: LDAP Injection In Openam
author: melbadry9,xelkomy
severity: high
tags: cve,cve2021,openam
description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
reference: https://blog.cybercastle.io/ldap-injection-in-openam/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.50
cve-id: CVE-2021-29156
cwe-id: CWE-74
requests:
- method: GET
path:
- "{{BaseURL}}/openam/ui/PWResetUserValidation"
- "{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation"
- "{{BaseURL}}/ui/PWResetUserValidation"
matchers:
- type: dsl
dsl:
- 'contains(body, "jato.pageSession") && status_code==200'