ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ldapscripts ldapscripts 1.4 |
||
ldapscripts ldapscripts 1.7 |