An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects customers who have enabled LDAP authentication in their configuration.
References
Link | Resource |
---|---|
https://community.ivanti.com/docs/DOC-68406 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-06-29 15:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-8901
Mitre link : CVE-2018-8901
CVE.ORG link : CVE-2018-8901
JSON object : View
Products Affected
ivanti
- avalanche
CWE