CVE-2022-31085
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-31085
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31085.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-31085
- Aliases
-
- GHSA-6m3q-5c84-6h6j
- Downstream
- Published
- 2022-06-27T20:55:21Z
- Modified
- 2025-11-04T20:01:55.073151Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Missing Encryption of Sensitive Data in ldap-account-manager
- Details
-
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.
- Database specific
{ "cwe_ids": [ "CWE-311" ] }- References
Affected packages
Git / github.com/ldapaccountmanager/lam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ldapaccountmanager/lam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
lam_5_4
lam_5_4_RC1
lam_5_5
lam_5_5_RC1
lam_5_6
lam_5_6_RC1
lam_5_7
lam_5_7_RC1
lam_6_0
lam_6_0_1
lam_6_0_RC1
lam_6_0_RC2
lam_6_1
lam_6_1_RC1
lam_6_2
lam_6_2_1
lam_6_2_RC1
lam_6_3
lam_6_3_RC1
lam_6_4
lam_6_4_RC1
lam_6_5
lam_6_5_RC1
lam_6_6
lam_6_6_RC1
lam_6_7
lam_6_7_RC1
lam_6_8
lam_6_8_RC1
lam_6_9
lam_6_9_RC1
lam_7_0
lam_7_0_RC1
lam_7_1
lam_7_1_RC1
lam_7_2
lam_7_2_RC1
lam_7_3
lam_7_3_RC1
lam_7_4
lam_7_4_RC1
lam_7_5
lam_7_5_RC1
lam_7_6
lam_7_6_RC1
lam_7_7
lam_7_7_RC1
lam_7_8
lam_7_8_RC1
lam_7_9
lam_7_9_1
lam_7_9_RC1
lam_8_0_RC1
untagged-0f11e4b04e249cac51c5