Description

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

Related CPE's

a

pardus

liderahenk

Vulnerable

References

https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/

ExploitThird Party Advisory

https://www.usom.gov.tr/bildirim/tr-21-0795

Third Party Advisory

https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/

ExploitThird Party Advisory

https://www.usom.gov.tr/bildirim/tr-21-0795

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-306

[email protected]

Secondary
CWE-306

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T13:15:07.883Z

4 years ago

Last modified

2024-11-21T05:22:32.840Z

1 year ago