Description
Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.
Published: 2026-03-16
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Workaround
AI Analysis

Impact

The vulnerability stems from a non‑functional logout feature in Truesec’s LAPSWebUI prior to version 2.4. Because the logout does not invalidate the session, local admin credentials remain exposed for any user who has access to a workstation running the application. An attacker can acquire the local administrator password from the session, enabling them to raise their privileges on that system. This weakness is classified as a priority three credential disclosure and aligns with CWE‑613.

Affected Systems

The affected product is Truesec LAPSWebUI, any release before v2.4. Administrators running versions earlier than 2.4 should be aware that a session can still carry valid local administrator credentials after a user logs out. The vendor recommends enabling the Force Reauth on Password request setting to enforce re‑authentication with Entra ID whenever a password is displayed, thereby limiting the window during which the credentials are available.

Risk and Exploitability

The CVSS score for this issue is 6, indicating moderate severity, and the EPSS score is below 1%, suggesting that exploitation is unlikely but still possible if an attacker has local access. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local workstation user who has logged into LAPSWebUI; the exploit requires no network access and would be easiest where users are permitted to remain logged in for extended periods.

Generated by OpenCVE AI on March 22, 2026 at 14:46 UTC.

Remediation

Vendor Workaround

Configure LAPSWebUI to require Entra ID sign-in every time a user wants to display a password, by enabling the setting Force Reauth on Password request.


OpenCVE Recommended Actions

  • Enable Force Reauth on Password request in LAPSWebUI to require Entra ID sign‑in each time a password is requested.
  • Upgrade Truesec LAPSWebUI to version 2.4 or later where the logout functionality is corrected.
  • Restrict workstation access to prevent unauthorized users from gaining session data, and enforce strict least‑privilege policies for local accounts.



Advisories

No advisories yet.

History

Mon, 20 Apr 2026 13:30:00 +0000

Type       Values Removed   Values Added
CPEs                        cpe:2.3:a:truesec:lapswebui:*:*:*:*:*:*:*:*
Metrics                     cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}


Mon, 30 Mar 2026 07:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Truesec; Truesec lapswebui
Vendors & Products                    Truesec; Truesec lapswebui

Mon, 16 Mar 2026 18:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 11:00:00 +0000

Type          Values Removed   Values Added
Description                    Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password.
Title                          Insecure Logout Functionality in Truesec LAPSWebUI
Weaknesses                     CWE-613
References
Metrics                        cvssV4_0 {'score': 6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H'}


Subscriptions

Truesec Lapswebui
MITRE

Status: PUBLISHED

Assigner: NCSC-FI

Published:

Updated: 2026-03-16T18:01:00.996Z

Reserved: 2026-02-02T05:56:43.336Z

Link: CVE-2025-15553

Vulnrichment

Updated: 2026-03-16T17:56:24.909Z

NVD

Status: Analyzed

Published: 2026-03-16T14:17:56.280

Modified: 2026-04-20T13:18:41.677

Link: CVE-2025-15553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:02:50Z

Weaknesses