Unsecured API in LiderAhenk Software Allows Leakage of LDAP Credentials

CVE-2021-3825 · CRITICAL Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

In versions 2.1.15 and below of the Lider module in LiderAhenk software, the module leaks its configurations via an unsecured API. An attacker with access to the configurations API could obtain valid LDAP credentials.
