CVE-2015-1169
10.02.2015, 20:59
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication.
Vendor | Product | Version |
---|---|---|
apereo | central_authentication_service | 𝑥 ≤ 3.5.2 |
𝑥
= Vulnerable software versions
References