Missing Authentication for Critical Function

CVE-2021-3825

Severity High
Score 9.6/10

Summary

The Lider module of LiderAhenk software, in version 2.1.15 and below, leaks its configurations via an unsecured API. An attacker with access to the configurations API could get valid LDAP credentials.

  • LOW
  • ADJACENT_NETWORK
  • HIGH
  • CHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-306 - Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Advisory Timeline

  • Published