CVE-2007-5373

CVE-2007-5373 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

Learn more about our User Device Pen Test.