An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
References
Link | Resource |
---|---|
https://community.ivanti.com/docs/DOC-68406 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-29T15:00:00
Updated: 2018-06-29T14:57:01
Reserved: 2018-03-21T00:00:00
Link: CVE-2018-8901
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-29T15:29:00.413
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-8901
JSON object: View
Redhat Information
No data.
CWE