OpenAM 14.6.4 still contains the CVE-2021-29156 #459
hoangnguyen115 asked this question in Q&A
Hi guys, I am still able to exploit the amadmin password hash (CVE-2021-29156) after upgrading OpenAM to version 14.6.4 (following this article: https://portswigger.net/research/hidden-oauth-attack-vectors). As it is stated that this CVE has been fixed since 14.6.3, can anyone explain to me why the exploit still works? Thanks
Answered by maximthomas, Feb 12, 2022
@hoangnguyen115 The issue was fixed but has not been released yet
Answer selected by hoangnguyen115