CVE-2013-5572

Published: 01 October 2013

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Priority

Medium

Status

| Package | Release | Status |
|---------|---------|--------|
| zabbix | Upstream | Released (2.2.2) |
| zabbix | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (1:2.2.2+dfsg-1) |
| zabbix | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (1:2.2.2+dfsg-1) |

Notes

| Author | Note |
|--------|------|
| seth-arnold | may require an authenticated user to carry out an attack on another user, perhaps with different privileges |
