Impact
Truesec LAPSWebUI versions prior to 2.4 allow an attacker who can access a workstation to obtain locally‑stored administrator passwords that the browser has cached. Because the web interface delivers the passwords in a way that lets the browser cache them automatically, the attacker can read the credentials from the cache and gain privileged access without compromising the LAPS system itself. The weakness aligns with CWE‑525, related to disclosure of sensitive information from local state, and results in a moderate‑to‑high impact of local privilege escalation.
Affected Systems
Truesec LAPSWebUI versions earlier than 2.4 are affected. The flaw is specific to the web interface that leaves passwords in a cacheable HTTP response, exposing them to any user who has logged into the browser on that workstation. Version 2.4 and later eliminate the caching behavior and resolve the issue.
Risk and Exploitability
The CVSS base score of 6.0 indicates moderate severity. The EPSS score of less than 1% suggests that the current likelihood of exploitation is low, and the issue is not listed in the CISA KEV catalog. Exploitation requires the attacker to have access to a workstation where the user has logged into LAPSWebUI; the attacker can then retrieve cached passwords via the browser’s developer tools or cache files. A simple HTTP header workaround and an upgrade path to a fixed version mitigate the risk.
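A check for the caching behaviour described above, as an added example that is not part of the advisory or of Truesec's code: it reports whether a response's headers allow a browser to store the body. Treating `Cache-Control: no-store` as the header workaround is an assumption (the page does not name the header), and the sample headers are constructed.

```python
"""Audit HTTP response headers for browser-cache exposure (CWE-525)."""


def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def audit_cache_headers(headers):
    """Return a list of findings; an empty list means the body is not storable."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return []  # no-store forbids storing the response in any cache
    findings = ["missing no-store: browser may write the response to its cache"]
    if "no-cache" in cc or h.get("pragma", "").lower() == "no-cache":
        findings.append("no-cache only forces revalidation; the body is still stored")
    if "private" in cc:
        findings.append("private blocks shared caches only, not the local browser cache")
    if not cc and "expires" not in h:
        findings.append("no freshness headers: browser may apply heuristic caching")
    return findings


# Constructed sample responses (assumed values, not captured from LAPSWebUI).
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "revalidate only": {"Cache-Control": "private, no-cache", "Pragma": "no-cache"},
    "hardened": {"Cache-Control": "no-store, max-age=0"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        result = audit_cache_headers(hdrs)
        print(f"{label}: {'OK' if not result else '; '.join(result)}")
```

The "revalidate only" case is the one to watch for in reviews: `no-cache` and `private` look protective but still leave the password-bearing response on disk.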