PT-2024-21071 · Avsystem · Avsystem Unified Management Platform
Published: 2024-03-18 · Updated: 2024-08-28 · CVE-2024-25655
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS
Description
The issue concerns the insecure storage of LDAP passwords in the authentication functionality. This allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.
Recommendations
For AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS, consider restricting access to the application database to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit read access to sensitive data, especially LDAP passwords, to prevent unauthorized decryption.
Weakness Enumeration
Insecure Storage of Sensitive Information
Affected Products
Avsystem Unified Management Platform