Active Directory Integration < 4.1.10 – Unauthenticated Log Disclosure | CVE 2023-5003 | Plugin Vulnerabilities

Description

The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

Proof of Concept

This requires the plugin's `Log Authentication Requests` setting to be set in LDAP/Active Directory Login for Intranet > Authentication Report.

Once some authentication issues were logged, and the administrator exported said logs, the resulting CSV file remains publicly accessible at the following address:

curl {{base_url}}/wp-content/ldap-authentication-report.csv

Affects Plugins

ldap-login-for-intranet-sites

Fixed in 4.1.10

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Pedro José Navas Pérez from Hispasec

Submitter

Pedro José Navas Pérez from Hispasec

Submitter website

https://medium.com/@cybertrinchera

Submitter twitter

Verified

Yes

WPVDB ID

91f4e500-71f3-4ef6-9cc7-24a7c12a5748

Timeline

Publicly Published

2023-09-25 (about 2 years ago)

Added

2023-09-25 (about 2 years ago)

Last Updated

2023-09-25 (about 2 years ago)

Other

Published

Title

Published

2025-03-27

Title

Booking for Appointments and Events Calendar – Amelia < 1.2.20 - Unauthenticated Full Path Disclosure

Published

2023-04-10

Title

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

Published

2024-03-28

Title

Paid Memberships Pro – Mailchimp Add On < 2.3.5 - Unauthenticated Information Disclosure

Published

2024-07-04

Title

Table & Contact Form 7 Database – Tablesome < 1.0.34 - Unauthenticated Sensitive Information Exposure

Published

2025-01-14

Title

Htaccess File Editor < 1.0.20 - Unauthenticated Information Exposure