Active Directory Integration < 4.1.10 – Unauthenticated Log Disclosure | CVE 2023-5003 | Plugin Vulnerabilities

Description

The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Proof of Concept

This requires the plugin's `Log Authentication Requests` setting to be set in LDAP/Active Directory Login for Intranet > Authentication Report.

Once some authentication issues were logged, and the administrator exported said logs, the resulting CSV file remains publicly accessible at the following address:

curl {{base_url}}/wp-content/ldap-authentication-report.csv

Affects Plugins

ldap-login-for-intranet-sites

Fixed in 4.1.10

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Pedro José Navas Pérez from Hispasec

Submitter

Pedro José Navas Pérez from Hispasec

Submitter website

https://medium.com/@cybertrinchera

Submitter twitter

Verified

Yes

WPVDB ID

91f4e500-71f3-4ef6-9cc7-24a7c12a5748

Timeline

Publicly Published

2023-09-25 (about 7 months ago)

Added

2023-09-25 (about 7 months ago)

Last Updated

2023-09-25 (about 7 months ago)

Other

Published

Title

Published

2024-03-04

Title

JM Twitter Cards < 14.1.0 - Password Protected Post Access

Published

2024-01-17

Title

Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure

Published

2024-03-19

Title

Easy Maintenance Mode <= 1.4.2 - Information Exposure

Published

2023-12-27

Title

FastDup < 2.1.8 - Sensitive Information Exposure via Log File

Published

2023-10-16

Title

404 Solution < 2.33.1 - Sensitive Information Exposure