CVE-2022-23942
CVE-2022-23942 affects Apache Doris versions prior to 1.0.0, where the LDAP password cipher uses a hardcoded key and IV, enabling information disclosure. The issue is exploitable over the network with low attack complexity and no authentication required, compromising confidentiality (per CVSS met...