Source |
CVE Liste |
Identifiant |
8400893 |
Date de publication |
2023-10-26 13:15:09 (vue: 2023-10-26 15:08:47) |
Titre |
CVE-2020-17477 |
Texte |
ACLS LDAP incorrects dans UCS-School-LDAP-ACLS-Master dans UCS @ School Avant 4.4V5-ERRATA Permettez aux enseignants distants, au personnel et aux administrateurs scolaires pour lire les hachages de mot de passe LDAP (SambantPassword, Krb5key, Sambapasswordhistory et Pwhistory) via les demandes de recherche LDAP LDAP..Par exemple, un enseignant peut accéder à l'administrateur via un hachage NTLM.
Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. |
Envoyé |
Oui |
Condensat |
17477 2020 4v5 access acls administrator administrators allow before can cve errata example gain hash hashes incorrect krb5key ldap master ntlm password pwhistory read remote requests sambantpassword sambapasswordhistory school search staff teacher teachers ucs ucs@school |
Tags |
|
Stories |
|
Notes |
|
Move |
|