An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-29T15:00:00

Updated: 2024-08-05T07:10:46.654Z

Reserved: 2018-03-21T00:00:00

Link: CVE-2018-8901

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-29T15:29:00.413

Modified: 2024-11-21T04:14:33.857

Link: CVE-2018-8901

cve-icon Redhat

No data.