发布时间: 2023年8月1日
修改时间: 2024年2月26日
An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 6.5 | 6.5 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | High | High |
| Integrity | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1580 | An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server. | 2023年8月1日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | python-ldap | Unaffected |
| KY3.4-5 | python-ldap | Unaffected |
| KY3.5.1 | python-ldap | Unaffected |
| KY3.5.2 | python-ldap | Unaffected |
