Ping Identity PingIDM 7.5.0 Query Filter Injection

Discussion in 'News Aggregator' started by Packet Storm, 2 Nov 2024.

  1. Packet Storm

    Packet Storm Guest

    Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).

    Continue reading...
     

Share This Page

Loading...