| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Apr 2017 16:48:22 +1000 From: Patrick Webster <patrick@...security.com.au> To: bugtraq@...urityfocus.com Subject: AirWatch Self Service Portal Username Parameter LDAP Injection https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html Date: 04-Apr-2017 Product: AirWatch Self Service MDM Versions affected: v6.1.x v6.4.x Vulnerability: LDAP injection Example: https://[target]/DeviceManagement/ URL accepts the following POST parameters: AuthenticationMode ActivationCode Username Password Login The 'Username' parameter appears to be vulnerable to an LDAP injection attack. A query of: *)(sn=* Takes a long time to complete (talking minutes), due to valid injection of an LDAP query which enumerates the entire LDAP directory. Other normal (or syntax invalid LDAP) requests are answered within seconds. Credit: Discovered by Patrick Webster Disclosure timeline: 20-Aug-2013 - Discovered during audit. 23-Aug-2013 - Reported to vendor. 26-Aug-2013 - Vendor acknowledged report. 09-Sep-2013 - Vendor confirmed. 15-Oct-2013 - Vendor released v6.5 including fix. 04-Apr-2017 - Public disclosure. About OSI Security: OSI Security is an independent network and computer security auditing and consulting company based in Sydney, Australia. We provide internal and external penetration testing, vulnerability auditing and wireless site audits, vendor product assessments, secure network design, forensics and risk mitigation services. We can be found at http://www.osisecurity.com.au/
Powered by blists - more mailing lists