Unrated severityNVD Advisory· Published Oct 11, 2007· Updated Jun 16, 2026
CVE-2007-5373
CVE-2007-5373
Description
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
Affected products
3cpe:2.3:a:ldapscripts:ldapscripts:1.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ldapscripts:ldapscripts:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:ldapscripts:ldapscripts:1.7:*:*:*:*:*:*:*
- (no CPE)range: 1.4, 1.7
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.