Iag0110

**Name of the Vulnerable Software and Affected Versions** Pega Platform version 8.2.1 **Description** The issue allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. **Recommendations** For Pega Platform version 8.2.1, consider restricting the length and special characters allowed in usernames to prevent LDAP injection attacks. As a temporary workaround, restrict access to LDAP authentication to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.