[CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

**Description:** https://████████ is vulnerable to CVE-2021-29156. ## References * https://nvd.nist.gov/vuln/detail/CVE-2021-29156 * https://portswigger.net/research/hidden-oauth-attack-vectors * https://github.com/projectdiscovery/nuclei-templates/blob/74db4223c11d27a934ca1c417aa4abca9e70ad35/cves/2021/CVE-2021-29156.yaml ## Impact ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. ## System Host(s) ████████ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2021-29156 ## Steps to Reproduce The references mentioned shall be helpful for successful reproduction. ## Suggested Mitigation/Remediation Actions