CVE-2024-25655 Information

Description

Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.

Reference

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25655