3 matches found
CVE-2025-54866
creationtimestamp| type| source ---|---|--- 2025-11-21 19:25:36+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m65z5lknvu2u...
CVE-2025-54866
Wazuh versions 4.3.0 to before 4.13.0 expose a password due to a missing ACL on the Windows file C:\Program Files (x86)\ossec-agent\authd.pass, readable by all authenticated users on the local machine. Root cause: ACL not set to restrict access. Impact: password disclosure on the host. Mitigation...
CVE-2025-54866 Wazuh installation fails to protected authd.pass on Windows
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.3.0 to before 4.13.0, a missing ACL on "C:\Program Files x86\ossec-agent\authd.pass" exposes the password to all "Authenticated Users" on the local machine. This issue has been patched in...