Description
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.
References
- Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to 4.4 (inclusive)
cpe:2.3:a:univention:ucs\@school:*:*:*:*:*:*:*:*
EPSS: 0.00061 (percentile: 19%), Low
CVSS3: 6.5 Medium
Weaknesses
CWE-522
Related vulnerabilities
CVSS3: 6.5
github
more than 2 years ago
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.