LDAP Injection in ForgeRock OpenAM: Exploiting CVE-2021-29156
A nifty attack tool I wrote for work.
Published: Dec 14, 2021
Charlton Trezevant
Last month, my employer was gracious enough to clear the release of a small attack tool I wrote for one of my past engagements.
This is a small utility for exploiting CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0. It was born out of necessity (I couldn’t find any PoCs when I needed it), so I hope that others will find it useful!
You can find the full writeup on the GuidePoint blog, along with the code on GitHub.