Vulnerability: Unauthorized Access to Private Attributes in 389-ds-base Plugin
CVE-2019-14824 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Learn more about our Web Application Penetration Testing UK.