Vulnerabilities > CVE-2007-5373 - Cryptographic Issues vulnerability in Ldapscripts 1.4/1.7
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3A81017A815411DC92830016179B2DD5.NASL description Ganael Laplanche reports : Up to now, each ldap* command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a `ps` during the call. This is now avoided by using the -y parameter and a password file. last seen 2020-06-01 modified 2020-06-02 plugin id 27550 published 2007-10-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27550 title FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (3a81017a-8154-11dc-9283-0016179b2dd5) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1517.NASL description Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. last seen 2020-06-01 modified 2020-06-02 plugin id 31588 published 2008-03-17 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31588 title Debian DSA-1517-1 : ldapscripts - programming error