Nagios Log Server
cpe:2.3:a:nagios:log_server:*:*:*:*:*:*:*
- < 2024R2.0.2
A vulnerability exists in Nagios Log Server versions prior to 2024R2.0.2 within the Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) user import feature. The vulnerability arises because the password field is not properly obfuscated during the import process. Consequently, plaintext passwords for imported accounts may be visible in the user interface, logs, or other diagnostic outputs, potentially leaking sensitive credentials to administrators or anyone with access to the import results.
This vulnerability allows for the exposure of plaintext passwords in the user interface, logs, or other diagnostic outputs, creating a risk of leaking sensitive credentials.
Users can upgrade to Nagios Log Server version 2024R2.0.2 or later to address this vulnerability.