Published: 27/03/2019 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A vulnerability was found in Portainer prior to 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
portainer portainer

LEMPO (Ldap Exposure on POrtainer) is an exploit for CVE-2018-19466 (LDAP Credentials Disclosure on Portainer). Featured @ DevFest Siberia 2018

Lempo: LDAP Exposure on POrtainer CVE-2018-19466 | Mauro Eldritch AKA plaguedoktor /lemporb TARGET_IP TARGET_USER TARGET_PASSWORD This exploit is a complement to my talk Hacking Docker with PAZUZU Presentations # Date Conference Link to Video Link to Slides 1 NOV-2018 DEVFEST Siberia TBA drivegooglecom/open?id=1uXFrLT

CWE-522 https://github.com/portainer/portainer/releases https://github.com/portainer/portainer/pull/2488 https://github.com/MauroEldritch/lempo https://nvd.nist.gov https://github.com/MauroEldritch/lempo

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19466

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect