A severe vulnerability, tracked as CVE-2024-41667 and rated CVSS 8.8, has been disclosed in Open Identity Platform OpenAM, an open-source access management product. The flaw allows remote attackers to execute arbitrary code on affected systems, a significant risk for organizations that rely on OpenAM for authentication, Single Sign-On (SSO), authorization, federation, entitlements, and web services security.
The bug, found by security researcher AfterSnows, is a FreeMarker template injection in the getCustomLoginUrlTemplate method. The value of the CustomLoginUrlTemplate setting is handed to the FreeMarker engine as a template rather than as data, so whoever controls that value can inject FreeMarker directives and take control of the login-override flow. The OpenAM developers intended the setting to provide a customizable URL for login overrides, but did not restrict what the template could contain or which classes it could resolve, leaving it open to malicious input.
AfterSnows also released a detailed proof of concept showing how to reproduce the issue. By sending a specially crafted request containing the malicious template, an attacker can execute arbitrary code on the affected system and potentially take full control of it.
The impact is severe for organizations that depend on OpenAM for critical access management functions: code execution on the identity server can lead to data breaches, compromise of the host, and unauthorized access to every application that trusts it for authentication.
To mitigate the risk of exploitation, OpenAM users should:
- Upgrade: Update to OpenAM version 15.0.4 or later, which includes a fix for this vulnerability.
- TemplateClassResolver: Configure FreeMarker with TemplateClassResolver.SAFER_RESOLVER, as recommended by the OpenAM team. The safer resolver refuses to resolve the classes most often abused through the ?new built-in (freemarker.template.utility.Execute, ObjectConstructor and JythonRuntime); if templates never legitimately need ?new at all, TemplateClassResolver.ALLOWS_NOTHING_RESOLVER is the tighter choice. Note that this hardens the engine but does not change the fact that a configuration value is being rendered as a template, so treat the upgrade as the actual fix.
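The following Java program is an added example, not code from OpenAM or from the researcher's proof of concept. It reproduces the shape of the problem in isolation: a FreeMarker Configuration renders a template string that comes from configuration rather than from a trusted file, once with FreeMarker's default class resolver and once with TemplateClassResolver.SAFER_RESOLVER. The class name, the template strings and the data-model keys (gotoUrl, realm) are this example's own assumptions. The second template only assigns the result of ?new and never invokes it, so nothing is executed when you run it; the point is to observe which configuration lets the class be resolved at all.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

/**
 * Illustrative example (not OpenAM code): rendering an operator-supplied
 * template string with the default FreeMarker class resolver versus
 * TemplateClassResolver.SAFER_RESOLVER. Names here are assumptions.
 */
public class CustomLoginUrlTemplateDemo {

    // A benign template of the kind the setting was designed for.
    static final String BENIGN_TEMPLATE =
            "https://login.example.com/?goto=${gotoUrl}&realm=${realm}";

    // Resolves a class by name through the ?new built-in. The assignment
    // is never called, so this only tests whether resolution is permitted.
    static final String CLASS_RESOLVING_TEMPLATE =
            "<#assign ex = \"freemarker.template.utility.Execute\"?new()>resolved";

    // Vulnerable pattern: default resolver, any class reachable via ?new.
    static Configuration defaultResolver() {
        return new Configuration(Configuration.VERSION_2_3_31);
    }

    // Hardened pattern: SAFER_RESOLVER refuses Execute, ObjectConstructor
    // and JythonRuntime. ALLOWS_NOTHING_RESOLVER would block ?new entirely.
    static Configuration safeResolver() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        return cfg;
    }

    // Renders a template whose source is a string, as a configuration-driven
    // login URL would be, instead of a template file under the deployer's control.
    static String render(Configuration cfg, String source, Map<String, Object> model)
            throws IOException, TemplateException {
        Template t = new Template("customLoginUrl", new StringReader(source), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    static String tryRender(String label, Configuration cfg, String source,
                            Map<String, Object> model) {
        try {
            return label + ": rendered -> " + render(cfg, source, model);
        } catch (TemplateException e) {
            // SAFER_RESOLVER reports "Instantiating ... is not allowed in the
            // template for security reasons"; keep only the first line.
            return label + ": rejected -> " + e.getMessage().split("\n")[0];
        } catch (IOException e) {
            return label + ": parse error -> " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        Map<String, Object> model = new HashMap<>();
        model.put("gotoUrl", "https://app.example.com/");
        model.put("realm", "/");

        System.out.println(tryRender("default, benign", defaultResolver(), BENIGN_TEMPLATE, model));
        System.out.println(tryRender("default, ?new", defaultResolver(), CLASS_RESOLVING_TEMPLATE, model));
        System.out.println(tryRender("safer, benign", safeResolver(), BENIGN_TEMPLATE, model));
        System.out.println(tryRender("safer, ?new", safeResolver(), CLASS_RESOLVING_TEMPLATE, model));
    }
}
```

Compile and run it against the FreeMarker jar (freemarker.jar 2.3.31 or later, assumed). Both configurations render the benign URL; only the default resolver lets the second template resolve freemarker.template.utility.Execute, while the SAFER_RESOLVER configuration throws a TemplateException before the assignment completes. When auditing a deployment, the same check applies to any Configuration that is ever handed a string originating in an admin console or a request: look for setNewBuiltinClassResolver and treat its absence as a finding.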