wpvulndb
Author: Pedro José Navas Pérez from Hispasec
WPVDB-ID: 91F4E500-71F3-4EF6-9CC7-24A7C12A5748
History: Sep 25, 2023 - 12:00 a.m.

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

2023-09-25 00:00:00
Pedro José Navas Pérez from Hispasec
wpscan.com

Tags: active directory, unauthenticated log disclosure, ldap logs

EPSS: 0.005 (Low)
EPSS Percentile: 75.6%

Description

The plugin writes sensitive LDAP logs to a buffer file when an administrator exports those logs. This file is never removed afterwards, so it remains accessible to any unauthenticated user who knows its URL.

PoC

This requires the plugin's "Log Authentication Requests" setting to be enabled under LDAP/Active Directory Login for Intranet > Authentication Report. Once some authentication issues have been logged and the administrator has exported those logs, the resulting CSV file remains publicly accessible at the following address:

    curl {{base_url}}/wp-content/ldap-authentication-report.csv

CPE Name | Operator | Version
         | eq       | 4.1.10
