-
Type:
Bug
-
Status: Closed
-
Priority:
Medium
-
Resolution: Fixed
-
Affects Version/s: 2.8, 2.9.1
-
Fix Version/s: 2.10.1
-
Component/s: None
-
Symptom Severity:Severity 1 - Critical
-
Last commented by user?:false
-
Bug Fix Policy:
Various resources in Atlassian Crowd before before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories via examining the responses of various resources.