Vigil@nce - Jasig CAS Server: bypassing LDAP authentication via Wildcard
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the wildcard character on Jasig CAS Server, in
order to ease a brute force attack on the LDAP directory.
Impacted products: Jasig CAS Server
Severity: 2/4
Creation date: 21/01/2015
DESCRIPTION OF THE VULNERABILITY
The Jasig CAS Server product uses an LDAP directory to store the
logins and passwords of its users.
However, if the user "laurent" exists, an attacker only needs to enter
"la*" together with that user's valid password to authenticate on the
account.
An attacker can therefore use the wildcard character on Jasig CAS
Server, in order to ease a brute force attack on the LDAP
directory.
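The bulletin does not state the root cause. The following added example (not code from Vigil@nce or from the CAS project) assumes the usual one behind this class of issue: the submitted login is concatenated into an LDAP search filter without RFC 4515 escaping, so "la*" becomes a substring match that resolves to "laurent". It models a search-then-bind login against a constructed in-memory directory, shows the unescaped filter beside the escaped one, and includes a small matcher that interprets the filter the way an LDAP server would. The directory entries, the `uid` attribute and the function names are assumptions for the demonstration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion
# value, written as backslash followed by two hex digits.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it can only match literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_uid_filter_unsafe(username: str) -> str:
    # Weak pattern: the login is dropped straight into the filter, so a
    # trailing '*' turns an equality match into a substring match.
    return f"(uid={username})"


def build_uid_filter_safe(username: str) -> str:
    # Hardened form: the same filter with the login escaped first.
    return f"(uid={escape_filter_value(username)})"


_SIMPLE_FILTER = re.compile(r"^\((\w+)=(.*)\)$")


def _assertion_to_regex(assertion: str) -> str:
    """Turn an RFC 4515 assertion value into an anchored regex: an unescaped
    '*' becomes '.*', a '\\XX' escape becomes the literal character it encodes,
    everything else matches itself."""
    parts = []
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion):
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(ch))
            i += 1
    return "^" + "".join(parts) + "$"


def matching_uids(ldap_filter: str, directory: dict) -> list:
    """Toy evaluator for a single '(uid=...)' filter over the directory."""
    m = _SIMPLE_FILTER.match(ldap_filter)
    if not m or m.group(1) != "uid":
        raise ValueError("unsupported filter: " + ldap_filter)
    pattern = re.compile(_assertion_to_regex(m.group(2)))
    return sorted(uid for uid in directory if pattern.match(uid))


# Constructed sample directory: uid -> password (plaintext only for the demo).
DIRECTORY = {"laurent": "s3cret", "bob": "pa55", "alice": "letmein"}


def authenticate(username: str, password: str, build_filter,
                 directory: dict = DIRECTORY):
    """Model of a search-then-bind login: resolve the login with an LDAP
    search filter, then check the password of the resolved entry.
    Returns the uid that was authenticated, or None."""
    matches = matching_uids(build_filter(username), directory)
    if len(matches) != 1:
        return None  # no entry, or an ambiguous wildcard match
    uid = matches[0]
    return uid if directory[uid] == password else None


if __name__ == "__main__":
    for builder in (build_uid_filter_unsafe, build_uid_filter_safe):
        print(builder.__name__, "la* ->", authenticate("la*", "s3cret", builder))
```

With the unescaped builder the login "la*" resolves to "laurent" and the correct password then authenticates, which is the behaviour the bulletin describes; with the escaped builder the same input is compared literally, matches nothing, and the caller must supply the full login. The fix belongs at the point where the login enters the filter, not in the password check.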
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-LDAP-authentication-via-Wildcard-16020