Description The plugin stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so.
This requires the plugin's `Log Authentication Requests` setting to be set in LDAP/Active Directory Login for Intranet > Authentication Report.
Once some authentication issues were logged, and the administrator exported said logs, the resulting CSV file remains publicly accessible at the following address:
curl {{base_url}}/wp-content/ldap-authentication-report.csv