Vulnerability: Unauthorized Access to Private Attributes in 389-ds-base Plugin

Vulnerability: Unauthorized Access to Private Attributes in 389-ds-base Plugin

CVE-2019-14824 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

Learn more about our Web Application Penetration Testing UK.