
CVE-2013-5572

Published: 01/10/2013 Updated: 10/05/2014
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 355
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Vulnerable Product

zabbix zabbix 2.0.5

Vendor Advisories

Debian Bug report logs - #737818 zabbix: CVE-2014-1682: API issue allows users to impersonate other users Package: src:zabbix; Maintainer for src:zabbix is Dmitry Smirnov <onlyjob@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 6 Feb 2014 07:42:06 UTC Severity: grave Tags: security, ups ...

Exploits

## # This module requires Metasploit # Date: 25-09-2013 # Author: Pablo González # Vendor Homepage: Zabbix -> www.zabbix.com # Software Link: www.zabbix.com # Version: 2.0.5 # Tested On: Linux (Ubuntu, Suse, CentOS) # CVE: CVE-2013-5572 cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5572 # More Info: web.nvd.nist ...
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code ...