Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-43959. PoCs published by secware-ru.
AI-analyzed exploit summary This repository provides a detailed writeup for CVE-2022-43959, an information disclosure vulnerability in Bitrix24's AD/LDAP connector module. The vulnerability allows remote administrators to discover AD/LDAP administrative passwords by viewing the source code of a specific page.
Description
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
Exploits (1)
This repository provides a detailed writeup for CVE-2022-43959, an information disclosure vulnerability in Bitrix24's AD/LDAP connector module. The vulnerability allows remote administrators to discover AD/LDAP administrative passwords by viewing the source code of a specific page.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N