CVE-2020-17477

Published: Oct 26, 2023

Modified: Sep 10, 2024

PUBLISHED

Description

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://forge.univention.org/bugzilla/show_bug.cgi?id=50669

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-17477

Description

Affected Products

References