Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
Vulnerability Description
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.
CVSS Information
N/A
Vulnerability Type
不充分的凭证保护机制
Vulnerability Title
YugabyteDB Anywhere 安全漏洞
Vulnerability Description
YugabyteDB Anywhere是美国YugabyteDB公司的一个数据库。 YugabyteDB Anywhere存在安全漏洞,该漏洞源于Web界面以明文显示LDAP绑定密码,可能导致经过身份验证的用户获取凭据,造成未授权访问。
CVSS Information
N/A
Vulnerability Type
N/A