Endi S. Dewata

2 exploits, active since Jun 2024
CVE-2023-4727 WRITEUP HIGH WRITEUP
Red Hat Certificate System 10.4 EUS for RHEL-8 - Authentication Bypass via LDAP Injection
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
CVSS 7.5