Description

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

Related CPE's

a

pardus

liderahenk

Vulnerable

References

https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/

ExploitThird Party Advisory

https://www.usom.gov.tr/bildirim/tr-21-0795

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-306

[email protected]

Secondary
CWE-306

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T15:15:07.883

3 years ago

Last modified

2024-09-16T20:15:40.320

9 months ago