
Almost Impossible: Java Deserialization Through Broken Crypto in OpenText Directory Services
Cybersecurity, Vulnerabilities, Cryptography, Java Deserialization
A research article details a vulnerability in OpenText Directory Services in which defective cryptography can be exploited to carry out a Java deserialization attack. The issue stems from weak or poorly implemented encryption, which allows serialized data to be manipulated. The vulnerability could lead to remote arbitrary code execution. The article describes the underlying technical mechanism.