LDAP Password Disclosure Vulnerability in Ivanti Avalanche

LDAP Password Disclosure Vulnerability in Ivanti Avalanche

CVE-2018-8901 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.

Learn more about our User Device Pen Test.