Inclusion of Sensitive Information in Log Files in Netatalk - #VU137337
Published: July 12, 2026
Netatalk
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to insertion of sensitive information into log files in LDAP bind error handling when an LDAP bind attempt fails. A remote attacker can trigger a failed LDAP bind to disclose sensitive information.
The bind password is logged at error level in cleartext.