PT-2025-44513 · Nagios · Nagios Log Server
Published: 2025-07-22 · Updated: 2025-10-31 · CVE-2025-34270
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Nagios Log Server versions prior to 2024R2.0.2
Description
The AD/LDAP user import functionality does not properly mask the password field during import. As a result, plaintext passwords can be exposed in the user interface, logs, or diagnostic output, potentially disclosing sensitive credentials to administrators or others with access to import results.
Recommendations
Update to version 2024R2.0.2 or later.
Fix
Insufficiently Protected Credentials
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Nagios Log Server