Security Advisory

CVE-2020-17477

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-26 00:00:00

Last updated 2024-09-10 16:32:50

Assigner mitre

State PUBLISHED

Description

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.

← Browse all CVEs View on cve.org ↗