CVE-2023-37468

Name of the Vulnerable Software and Affected Versions Feedbacksystem versions prior to 1.19.2

Description The issue concerns the storage of passwords in clear text for users utilizing LDAP login. Specifically, the LDAP user's password is passed unencrypted in the LoginController.scala and stored in the database during the initial login. This affects only users who log in via LDAP, while those using local or cas login are not impacted.

Recommendations For versions prior to 1.19.2, update to version 1.19.2 to resolve the issue. As a temporary workaround, consider restricting LDAP login until the update is applied.