Description
Versions 2.1.15 and below of the Lider module in the LiderAhenk software leak the module's configuration via an unsecured API. An attacker with access to the configuration API could obtain valid LDAP credentials.
References
https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/
Exploit, Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-21-0795
Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.6 · Critical
CVSS V3.1
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-01T15:15:07.883
Last modified
2024-09-16T20:15:40.320