QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34270

Published: Oct 30, 2025

Modified: Nov 17, 2025

PUBLISHED

Description

Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results.

Vendor	Product	Versions
Nagios	Log Server	affected `0 - < 2024R2.0.2`

Weaknesses (CWE)

References

https://www.nagios.com/products/security/#log-server-2024R2

vendor-advisory

patch

https://www.nagios.com/changelog/#log-server

release-notes

patch

https://support.nagios.com/kb/article/authenticating-and-importing-users-with-ad-and-ldap-995.html

product

https://www.vulncheck.com/advisories/nagios-log-server-ad-ldap-import-password-not-obfuscated

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.