CVE-2021-3825
9.6 CRITICAL
Versions 2.1.15 and below of the Lider module in LiderAhenk leak their configuration via an unsecured API.
Published: 2021-10-01 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 9.6 CRITICAL
- Vector
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-306
Affected products
| Vendor | Product |
|---|---|
| pardus | liderahenk |
Description
Versions 2.1.15 and below of the Lider module in LiderAhenk leak their configuration via an unsecured API. An attacker who can reach the configuration API could obtain valid LDAP credentials from it.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3825
- [Exploit reference]https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/
- [Other]https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-21-0795
- [Other]https://www.usom.gov.tr/bildirim/tr-21-0795
Related CVEs
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-53868 — Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ... (7.5 HIGH)
- CVE-2026-50287 — AgenticMail gives AI agents real email addresses and phone numbers
- CVE-2026-53981 — Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)
- CVE-2026-50085 — The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveMQ broker wit... (8.6 HIGH)