RSS   Vulnerabilities for 'Ldapscripts'   RSS

2007-10-11
 
CVE-2007-5373

CWE-DesignError
 

 
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

 


Copyright 2024, cxsecurity.com

 

Back to Top