{"vulnerability": "CVE-2023-33254", "sightings": [{"uuid": "4be0a5a1-4723-426d-94e9-26058a94f136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33254", "type": "seen", "source": "https://t.me/cibsecurity/64499", "content": "\u203c CVE-2023-33254 \u203c\n\nThere is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T02:25:01.000000Z"}, {"uuid": "805ca4fb-dfee-46e6-92b5-630d690b18c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33254", "type": "seen", "source": "Telegram/1xYPApKroK8NNrI0VRas_lTyev040vXmNFr6VPCPgipazjfd", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}]}