Charlton's Blog

LDAP Injection in ForgeRock OpenAM: Exploiting CVE-2021-29156

A nifty attack tool I wrote for work.

Published: Dec 14, 2021
Category: Programming, Projects, Publications, Security
Tags: , , ,

Last month, my employer was gracious enough to clear the release of a small attack tool I wrote for one of my past engagements.

This is a small utility for exploiting CVE-2021-29156, an LDAP injection vulnerability in ForgeRock OpenAM v13.0.0. It was born out of necessity (I couldn’t find any PoCs when I needed it), so I hope that others will find it useful!

You can find the full writeup on the GuidePoint blog, along with the code on GitHub.