CVE-2013-5572

Zabbix 2.0.5 - Authenticated LDAP Bind Password Exposure via HTML Source Code

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5572. PoCs published by Pablo González.

AI-analyzed exploit summary: This Metasploit auxiliary module exploits an information disclosure vulnerability in Zabbix 2.0.5, where authenticated users can extract LDAP bind credentials from the HTML source code of the authentication page. It requires a valid session cookie to access the management console and parse sensitive fields like ldap_bind_password.

Description

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.

Exploits (1)

exploitdb WORKING POC
by Pablo González · ruby · webapps · php
https://www.exploit-db.com/exploits/36157

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Zabbix 2.0.5
Auth required
Prerequisites: Valid zbx_sessionid cookie · Access to Zabbix management console
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html

Scores

EPSS: 0.0411
EPSS Percentile: 89.4%

Details

CWE: CWE-264
Status: published
Products (1): zabbix/zabbix 2.0.5
Published: Oct 01, 2013
Tracked Since: Feb 18, 2026