Christian Völker

**Name of the Vulnerable Software and Affected Versions** UCS@school versions prior to 4.4v5-errata **Description** The issue is related to incorrect LDAP ACLs in ucs-school-ldap-acls-master, allowing remote teachers, staff, and school administrators to read LDAP password hashes, including `sambaNTPassword`, `krb5Key`, `sambaPasswordHistory`, and `pwhistory`, via LDAP search requests. This could enable a teacher to gain administrator access via an NTLM hash. **Recommendations** For versions prior to 4.4v5-errata, update to version 4.4v5-errata or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP search requests to minimize the risk of exploitation.