CVE-2020-17477

Name of the Vulnerable Software and Affected Versions UCS@school versions prior to 4.4v5-errata

Description The issue is related to incorrect LDAP ACLs in ucs-school-ldap-acls-master, allowing remote teachers, staff, and school administrators to read LDAP password hashes, including sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory, via LDAP search requests. This could enable a teacher to gain administrator access via an NTLM hash.

Recommendations For versions prior to 4.4v5-errata, update to version 4.4v5-errata or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP search requests to minimize the risk of exploitation.