NuytsTech Security

CVE-2022-43959

by ·

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.

Date published : 2023-01-20

https://github.com/secware-ru/CVE-2022-43959

https://www.bitrix24.com/prices/self-hosted.php

Tags: