An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://community.ivanti.com/docs/DOC-68406 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-06-29T15:00:00
Updated: 2024-08-05T07:10:46.654Z
Reserved: 2018-03-21T00:00:00
Link: CVE-2018-8901
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-29T15:29:00.413
Modified: 2024-11-21T04:14:33.857
Link: CVE-2018-8901
Redhat
No data.