Lucene search

K
wpexploitPedro José Navas Pérez from HispasecWPEX-ID:91F4E500-71F3-4EF6-9CC7-24A7C12A5748
HistorySep 25, 2023 - 12:00 a.m.

Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure

2023-09-2500:00:00
Pedro José Navas Pérez from Hispasec
39
plugin setting
log authentication requests
csv file disclosure
unauthenticated access

EPSS

0.005

Percentile

77.4%

Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.

This requires the plugin's `Log Authentication Requests` setting to be set in LDAP/Active Directory Login for Intranet > Authentication Report.

Once some authentication issues were logged, and the administrator exported said logs, the resulting CSV file remains publicly accessible at the following address:

curl {{base_url}}/wp-content/ldap-authentication-report.csv

EPSS

0.005

Percentile

77.4%

Related for WPEX-ID:91F4E500-71F3-4EF6-9CC7-24A7C12A5748