[midPoint] MidPoint Security Advisories: LDAP Authorization, Password Reset, Self Registration

Tony Tkacik tony.tkacik at evolveum.com
Tue Jun 6 13:50:16 CEST 2023


Dear midPoint community,
we have issued three new security advisories for midPoint prior to versions 4.4.5, 4.6.1 and 4.7.1, and recommend that you update to the latest midPoint maintenance releases.

These zero-day vulnerabilities do not affect most midPoint deployments, as the affected features are not enabled by default, but please take time to learn whether you may be affected.

Disabled midPoint users able to log in when LDAP authentication is enabled (Medium severity, all versions except 4.4.5, 4.6.1, 4.7.1)
https://docs.evolveum.com/midpoint/reference/security/advisories/015-disabled-users-able-to-log-in-with-ldap/
A user who is disabled in midPoint but enabled in LDAP is able to log in to midPoint if LDAP authentication is enabled.

Unauthorized user is able to reset password if focusIdentification is enabled (High severity, only 4.7)
https://docs.evolveum.com/midpoint/reference/security/advisories/016-unauth-user-is-able-to-reset-password/
An attacker is able to skip the password reset verification steps by manipulating the URL if the focusIdentification module is enabled.

Self Registration feature allows changing the password of other users (High severity, all versions except 4.4.5, 4.6.1, 4.7.1)
https://docs.evolveum.com/midpoint/reference/security/advisories/017-self-registration-allows-to-change-password/
An attacker is able to disable and/or change the password of another user by URL manipulation of the post-registration form.


-- 
Anton Tkacik
Software Developer
evolveum.com 

