#ldap

This Metasploit module is designed to exploit the JNDI injection vulnerability in Druid. The vulnerability specifically affects the indexer/v1/sampler interface of Druid, enabling an attacker to execute arbitrary commands on the targeted server. The vulnerability is found in Apache Kafka clients versions ranging from 2.3.0 to 3.3.2. If an attacker can manipulate the sasl.jaas.config property of any of the connector's Kafka clients to com.sun.security.auth.module.JndiLoginModule, it allows the server to establish a connection with the attacker's LDAP server and deserialize the LDAP response. This provides the attacker with the capability to execute java deserialization gadget chains on the Kafka connect server, potentially leading to unrestricted deserialization of untrusted data or even remote code execution (RCE) if there are relevant gadgets in the classpath. To facilitate the exploitation process, this module will initiate an LDAP server that the target server needs to connect to in...

A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

Ubuntu Security Notice 6156-2 - USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This Metasploit module exploits this vulnerability to trigger the JNDI connection to a LDAP server you control. The LDAP server will then respond with a remote reference response that points to a HTTP server that you control, where the malicious Java class file will be hosted. Oracle Weblogic will then make an HTTP request to retrieve the malicious Java class file, at which point our HTTP server will serve up the malicious class file and Oracle Weblogic will instantiate an instance of that class, granting us remote code execution as the oracle user.