Univention Bugzilla – Bug 54256
Portal: information disclosure?
Last modified: 2021-12-17 15:28:35 CET
curl https://demo.univention.de/univention/portal/portal.json | python -m json.tool | less

The portal.json leaks information about the LDAP structure to unauthenticated users, e.g. the property "allowedGroups" reveals group names and the property "dn" leaks information about the LDAP container structure.

Question: is this problematic?

Question: do we need to expose the allowedGroups in the frontend? I think everything regarding this is handled in the backend, so we can remove it.
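The two fields named in the report ("dn" and "allowedGroups") are the ones a defender would want to audit for and strip before the document is handed to an anonymous client. The following is an added example, not code from Univention or from this bug: it walks a constructed portal.json-style document (the structure with "entries", "folders" and "categories" is an assumption for the sample, not copied from a real installation), lists every place one of the sensitive keys appears, and produces a sanitized copy with those keys removed. Authorization decisions remain on the server; the sanitized copy only removes what the frontend does not need to see.

```python
import json

# Constructed sample in the shape of a portal.json document.  The field layout
# is an assumption for this example; the DNs and group names are invented.
SAMPLE_PORTAL_JSON = json.dumps({
    "entries": [
        {
            "dn": "cn=files,cn=entry,cn=portals,cn=univention,dc=example,dc=com",
            "name": {"en_US": "Files"},
            "allowedGroups": ["cn=Domain Users,cn=groups,dc=example,dc=com"],
            "links": [{"locale": "en_US", "value": "https://portal.example.com/files"}],
        },
        {
            "dn": "cn=admin-console,cn=entry,cn=portals,cn=univention,dc=example,dc=com",
            "name": {"en_US": "Admin console"},
            "allowedGroups": ["cn=Domain Admins,cn=groups,dc=example,dc=com"],
            "links": [{"locale": "en_US", "value": "https://portal.example.com/admin"}],
        },
    ],
    "folders": [
        {"dn": "cn=tools,cn=folder,cn=portals,cn=univention,dc=example,dc=com",
         "name": {"en_US": "Tools"}, "entries": []},
    ],
    "categories": [
        {"dn": "cn=services,cn=category,cn=portals,cn=univention,dc=example,dc=com",
         "display_name": {"en_US": "Services"}},
    ],
})

# Keys that expose directory structure or group membership rules to an
# unauthenticated reader.
SENSITIVE_KEYS = frozenset({"dn", "allowedGroups"})


def find_exposed_fields(doc):
    """Return (json_path, key, value) for every sensitive key anywhere in doc."""
    hits = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if key in SENSITIVE_KEYS:
                    hits.append((path, key, value))
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(doc, "$")
    return hits


def audit_portal_json(text):
    """Parse a portal.json document and report every exposed sensitive field."""
    return find_exposed_fields(json.loads(text))


def strip_for_anonymous(doc):
    """Return a deep copy of doc with all sensitive keys removed; doc is untouched."""
    if isinstance(doc, dict):
        return {k: strip_for_anonymous(v) for k, v in doc.items() if k not in SENSITIVE_KEYS}
    if isinstance(doc, list):
        return [strip_for_anonymous(item) for item in doc]
    return doc


def sanitize_portal_json(text):
    """Serialize the anonymous-safe variant of a portal.json document."""
    return json.dumps(strip_for_anonymous(json.loads(text)), indent=2)


if __name__ == "__main__":
    for path, key, value in audit_portal_json(SAMPLE_PORTAL_JSON):
        print(f"exposed {key} at {path}: {value}")
    print(sanitize_portal_json(SAMPLE_PORTAL_JSON))
```

Pointing audit_portal_json at the output of the curl command from the report gives a quick regression check: after the frontend stops exporting the fields, the function should return an empty list.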
Created attachment 10882 [details]
Fresh installation fuzzing http /univention/portal from localhost

- portforwarding ssh -SW wfuzz
- portforward ssh tunneling reverse
- dictionary: https://github.com/daviddias/node-dirbuster/blob/master/lists/directory-list-2.3-medium.txt
- machine with UCS 5.0: 10.200.88.2

Image: 4990 isanchez_ildefonso-univention-ldap

running snapshot: virsh snapshot-list isanchez_ildefonso-univention-ldap

 Name          Creation Time               State
------------------------------------------------------------
 1639748851    2021-12-17 14:47:31 +0100   running