Teedy LDAP Injection Vulnerability Allowing Account Creation and Password Spraying
Vulnerability
An LDAP injection vulnerability has been identified in Teedy versions 1.9 to 1.12 when the LDAP connection is enabled. The issue arises from inadequate sanitization of user input in the username field of the login form. This flaw allows an unauthenticated attacker to manipulate LDAP queries, potentially leading to the creation of arbitrary user accounts and password spraying attacks.
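The sanitization gap described above, shown as an added example that is not Teedy's code: a username concatenated into an LDAP search filter next to the same value escaped per RFC 4515. The filter template, the `uid` attribute, the function names and the sample input are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for characters that carry meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical filter template; the filter Teedy really uses is not shown on the page.
TEMPLATE = "(&(objectClass=person)(uid={}))"

def escape_filter_value(value: str) -> str:
    """Escape one character at a time so a backslash is never escaped twice."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter_unsafe(username: str) -> str:
    """Raw concatenation: the input can close the assertion and open a new one."""
    return TEMPLATE.format(username)

def build_filter_safe(username: str) -> str:
    """Escaped value: the input stays a literal inside the single uid assertion."""
    return TEMPLATE.format(escape_filter_value(username))

def leaf_assertions(ldap_filter: str) -> list:
    """Return the innermost (attr=value) items, to compare filter structure."""
    return re.findall(r"\(([^()]+)\)", ldap_filter)

def has_filter_metachar(username: str) -> bool:
    """Cheap pre-check for login handlers and log review: flag filter syntax."""
    return any(ch in _ESCAPES for ch in username)

# Constructed sample input, not taken from the advisory.
SAMPLE = "alice)(cn=alice"

if __name__ == "__main__":
    for build in (build_filter_unsafe, build_filter_safe):
        flt = build(SAMPLE)
        print(build.__name__, flt, leaf_assertions(flt))
    print("flag for review:", has_filter_metachar(SAMPLE))
```

With the unescaped builder the sample input yields three assertions instead of two, which is the structural change an input filter or log rule can look for.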
Impact
Exploitation of this vulnerability could result in unauthorized account creation and password spraying, increasing the risk of unauthorized access to user accounts.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
