VYPR
Unrated severityNVD Advisory· Published Oct 11, 2007· Updated Jun 16, 2026

CVE-2007-5373

CVE-2007-5373

Description

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

Affected products

3
  • cpe:2.3:a:ldapscripts:ldapscripts:1.4:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ldapscripts:ldapscripts:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ldapscripts:ldapscripts:1.7:*:*:*:*:*:*:*
    • (no CPE)range: 1.4, 1.7

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.