Headline
CVE-2022-34298: Release 14.6.6 · OpenIdentityPlatform/OpenAM
The NT auth module in OpenAM before 14.6.6 allows a “replace Samba username attack.”
What’s Changed
- fix WindowsDesktopSSO auth module NPE when kerberos token was not set by @maximthomas in #510
- Issues/fix frontend build by @maximthomas in #511
- FIX ObjectIdentifier equals by String form by @vharseko in #512
- CVE-2022-34298 fix NT auth module vulnerability by @maximthomas (thanks Aliz Hammond , at watchTowr) in #514
Full Changelog: 14.6.5…14.6.6
Related news
GHSA-px3r-27qc-hx5g: NT auth module vulnerability in OpenAM
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."