CVE-2024-54852

9.8 CRITICAL

📋 TL;DR

This LDAP injection vulnerability in Teedy allows unauthenticated attackers to manipulate LDAP queries through the login form's username field. Attackers can create arbitrary accounts and perform password spraying attacks. Affects Teedy versions 1.9 through 1.12 with LDAP authentication enabled.

💻 Affected Systems

Products:
  • Teedy
Versions: 1.9 to 1.12
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when LDAP authentication is enabled. Local authentication or other auth methods are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via account creation with administrative privileges, leading to data theft, ransomware deployment, or persistent backdoor access.

🟠 Likely Case

Unauthorized account creation allowing attackers to access sensitive documents, escalate privileges, or maintain persistence in the environment.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring that detects unusual account creation.

🌐 Internet-Facing: HIGH - Unauthenticated exploit allows remote attackers to compromise internet-facing Teedy instances without credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires LDAP authentication to be enabled.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple injection payloads can be crafted based on LDAP query syntax. Public proof-of-concept demonstrates account creation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.13 or later

Vendor Advisory: https://github.com/sismics/docs/releases

Restart Required: Yes

Instructions:

1. Back up Teedy data and configuration.
2. Download Teedy version 1.13 or newer.
3. Stop the Teedy service.
4. Replace the installation with the patched version.
5. Restart the Teedy service.
6. Verify that LDAP authentication works correctly.

🔧 Temporary Workarounds

Disable LDAP Authentication

Platform: all

Temporarily disable LDAP authentication and use local authentication only until patching is possible.

Edit the Teedy configuration to set 'ldap.enabled=false' or remove the LDAP configuration.

Network Access Control

Platform: linux

Restrict access to the Teedy login page to trusted IP addresses only (replace TRUSTED_IP with your own address or range):

    iptables -A INPUT -p tcp --dport 8080 -s TRUSTED_IP -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j DROP

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block LDAP injection patterns in username field
  • Enable detailed logging for all authentication attempts and monitor for unusual account creation patterns

🔍 How to Verify

Check if Vulnerable:

Check whether the Teedy version is between 1.9 and 1.12 and whether LDAP authentication is enabled in the configuration.

Check Version:

Check Teedy web interface admin panel or configuration files for version information.

Verify Fix Applied:

Confirm Teedy version is 1.13 or newer and test LDAP authentication with various username inputs.

📡 Detection & Monitoring

Log Indicators:

  • Unusual LDAP query patterns in authentication logs
  • Multiple failed login attempts with special characters in username
  • Unexpected account creation events

Network Indicators:

  • HTTP POST requests to login endpoint containing LDAP special characters (=, *, (, ), \, /, +, <, >, ;)

SIEM Query:

    source="teedy.logs" AND (username=*\28* OR username=*\29* OR username=*\2A* OR username=*\3D*)
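As an added example (not Teedy's code or part of the advisory), the RFC 4515 value escaping that closes this class of bug, next to a small detector for the log indicators listed above. The filter shape, the log format and the sample lines are constructed assumptions, not Teedy's actual query or log layout.

```python
import re

# Characters with special meaning inside an LDAP search filter (RFC 4515).
# Backslash comes first so the escapes it produces are not escaped again.
_FILTER_ESCAPES = [("\\", r"\5C"), ("*", r"\2A"), ("(", r"\28"), (")", r"\29"), ("\x00", r"\00")]


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value so it is treated as literal text in a filter."""
    for raw, esc in _FILTER_ESCAPES:
        value = value.replace(raw, esc)
    return value


def build_user_filter(username: str) -> str:
    """Hardened lookup: the username is escaped before it reaches the filter.
    The filter shape is an assumption for this example, not Teedy's actual query."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


# Metacharacters from the advisory's network indicators; legitimate usernames
# almost never contain them, so their presence in a login is worth alerting on.
_SUSPICIOUS = re.compile(r"[=*()\\/+<>;]")
# Constructed log format for this example (not Teedy's real log layout).
_LOG_LINE = re.compile(r'^(?P<ts>\S+) login user="(?P<user>[^"]*)" src=(?P<src>\S+)')


def flag_suspicious_logins(log_lines):
    """Return (timestamp, src, username) for entries whose username carries metacharacters."""
    hits = []
    for line in log_lines:
        m = _LOG_LINE.match(line)
        if m and _SUSPICIOUS.search(m.group("user")):
            hits.append((m.group("ts"), m.group("src"), m.group("user")))
    return hits


# Constructed sample log lines, not real Teedy output.
SAMPLE_LOG = [
    '2024-12-01T10:00:01Z login user="alice" src=10.0.0.5',
    '2024-12-01T10:00:07Z login user="ad*)(min" src=198.51.100.23',
    '2024-12-01T10:00:09Z login user="bob" src=10.0.0.8',
]

if __name__ == "__main__":
    print(build_user_filter("ad*)(min"))
    for hit in flag_suspicious_logins(SAMPLE_LOG):
        print("suspicious login:", hit)
```

The escaped output shows why the SIEM query above searches for `\28`, `\29` and `\2A`: those are the same hex escapes a correctly hardened application would emit instead of raw parentheses and wildcards.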
