CVE-2021-29156 Proof-of-Concept

(c) 2021 GuidePoint Security
Charlton Trezevant [email protected]

Background

Today GuidePoint is pleased to release a functional Proof-of-Concept tool for CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0. This vulnerability allows an attacker to extract a variety of information (such as a user’s password hash) from vulnerable OpenAM servers using a character-by-character brute force attack.

Usage

To use this tool, simply adjust the baseURL, proxy, and user variables and run the script.

By default, this tool is configured to extract the password hash of the amAdmin user. As valid characters are discovered, the password hash string will be displayed in the console. Further adjustments may be made to the LDAP injection payloads if exfiltration of other data from the OpenAM instance is desired.

Additional Resources

For a more in-depth look at this vulnerability, PortSwigger has an excellent writeup of the exploit itself and its theory of operation.

GitHub

View Github