When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
When LDAP server integration is enabled in Teedy, user input in the username field is not properly validated or sanitized before being passed to the LDAP query. An attacker can inject specially crafted character sequences (LDAP injection), manipulating the authentication query logic. As a result, it is possible to create arbitrary user accounts and conduct password spraying attacks on existing accounts.
An unauthenticated attacker can create arbitrary accounts in the system and conduct password spraying attacks, which may result in unauthorized access to the application and data stored within it.
Patches available from the vendor should be applied in accordance with the references. As a temporary remediation measure until the update is deployed, it is recommended to disable LDAP integration in the application configuration.
Sismics Teedy versions 1.9 to 1.12 with activated LDAP integration.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSismics Teedy
APPSismics1.9 – 1.12
Related vulnerabilities
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the name of a crea...
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The “search term"...
Teedy <= 1.12 is vulnerable to Cross Site Request Forgery (CSRF), due to the lack of CSRF protection.
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin.
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.