## Summary

**Description**

An LDAP Injection (CWE-90) vulnerability in the MSISDN authentication module allows an unauthenticated, remote attacker to obtain an arbitrary OpenAM session without a password in the default trusted gateway configuration. This impacts OpenAM Community Edition through version 16.0.6. This issue was patched in version 16.1.1.

## Impact

OpenAM deployments through version 16.0.6 that have MSISDN enabled are potentially affected. This enables a pre-authentication login