Description
Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.
Published: 2026-05-21
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, so an attacker who can read those logs can recover the LDAP credentials. A compromised bind credential can enable unauthorized access and lateral movement within the network. The flaw is an instance of CWE-532 (Insertion of Sensitive Information into Log File), where sensitive data is unintentionally written to logs.

Affected Systems

The affected product is Netatalk, a server implementation of the AppleTalk protocol suite. All releases from 2.1.0 up to and including 4.4.2 are impacted; the issue was addressed in version 4.4.3 and later.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, driven primarily by the confidentiality impact of exposed passwords. EPSS data is not available, so the current exploitation probability is unclear, but the absence of a KEV listing suggests no known active exploitation campaigns. The likely attack path is anyone who gains read access to the server's log files, whether locally or, where logs are shipped or exposed over a network, remotely. An attacker exploiting this flaw obtains plaintext credentials, enabling impersonation or further compromise of user accounts.

Generated by OpenCVE AI on May 21, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Netatalk to version 4.4.3 or later, which removes password logging from LDAP simple-bind operations.
  • If an upgrade is temporarily infeasible, reconfigure the server to disable logging of LDAP authentication details or modify the log format to exclude password fields.
  • Ensure that log files are stored securely, access is restricted to privileged users, and that log rotation and retention policies are enforced to limit exposure windows.

Generated by OpenCVE AI on May 21, 2026 at 10:27 UTC.
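As an added illustration of the CWE-532 pattern described above and of the second and third recommended actions, the following Python example is not part of the OpenCVE record or of Netatalk itself. The log line shapes, the bind DN, the password value and the helper names (simple_bind_vulnerable, simple_bind_hardened, SecretRedactingFilter, scan_log_for_secrets) are all constructed for this example and do not reflect Netatalk's real log format. It contrasts a logging call that writes the bind password with one that logs only the identity and outcome, shows a logger-level filter that redacts password-like fields before any handler writes them, and scans existing log lines for cleartext credentials so an operator can judge whether rotation is needed before tightening log access.

```python
import logging
import re
from io import StringIO

# Constructed for this example: a password-like field name, a separator and a
# value. The shapes are hypothetical, not Netatalk's actual log format.
SECRET_FIELD_RE = re.compile(
    r"(?i)\b(pass(?:word|wd|phrase)?|bindpw|secret)(\s*[=:]\s*)(\S+)"
)
REDACTED = "[REDACTED]"


def redact_secrets(message: str) -> str:
    """Replace the value of every password-like field with a fixed marker."""
    return SECRET_FIELD_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}{REDACTED}", message)


class SecretRedactingFilter(logging.Filter):
    """Logger-level filter: the record is rewritten before any handler sees it,
    so only the redacted message can reach a file, syslog or a log shipper."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_secrets(record.getMessage())
        record.args = ()  # message is already fully formatted
        return True


def make_logger(name: str, redacting: bool):
    """Build an isolated logger writing to an in-memory buffer (stands in for a log file)."""
    buf = StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if redacting:
        logger.addFilter(SecretRedactingFilter())
    return logger, buf


def simple_bind_vulnerable(logger: logging.Logger, bind_dn: str, password: str) -> bool:
    """CWE-532 pattern: the credential is interpolated straight into a debug line."""
    logger.debug("ldap simple bind dn=%s password=%s", bind_dn, password)
    return True  # the bind itself is out of scope here; only the logging differs


def simple_bind_hardened(logger: logging.Logger, bind_dn: str, password: str) -> bool:
    """Hardened form: log who bound and whether it worked, never the secret."""
    logger.debug("ldap simple bind dn=%s result=%s", bind_dn, "success")
    return True


def scan_log_for_secrets(lines):
    """Return (line_number, field_name) for lines that still carry an unredacted secret."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for m in SECRET_FIELD_RE.finditer(line):
            if m.group(3) != REDACTED:
                findings.append((n, m.group(1)))
    return findings


# Constructed sample log lines for the scanner; the values are not real secrets.
SAMPLE_LOG = [
    "I ldap: connecting to ldap://ldap.example.test:389",
    "D ldap: simple bind dn=cn=afpd,ou=services,dc=example,dc=test password=hunter2-not-a-real-secret",
    "D ldap: simple bind dn=cn=afpd,ou=services,dc=example,dc=test password=[REDACTED]",
    "I afpd: user alice logged in",
]


def demo():
    """Run both logging paths with a constructed credential and return what each log contains."""
    bind_dn = "cn=afpd,ou=services,dc=example,dc=test"
    password = "hunter2-not-a-real-secret"
    vuln_logger, vuln_buf = make_logger("example.vulnerable", redacting=False)
    simple_bind_vulnerable(vuln_logger, bind_dn, password)
    hard_logger, hard_buf = make_logger("example.hardened", redacting=True)
    simple_bind_vulnerable(hard_logger, bind_dn, password)  # same bad call; the filter catches it
    simple_bind_hardened(hard_logger, bind_dn, password)
    return vuln_buf.getvalue(), hard_buf.getvalue()


if __name__ == "__main__":
    vulnerable_log, hardened_log = demo()
    print("without filter:\n" + vulnerable_log)
    print("with filter:\n" + hardened_log)
    print("scan findings:", scan_log_for_secrets(SAMPLE_LOG))
```

The filter is attached to the logger rather than to a handler so that every destination (file, syslog, remote shipper) receives the same redacted record; a handler-level filter would have to be repeated for each sink. The scanner is the companion check for logs already on disk: any finding means the credential should be treated as exposed and rotated, since restricting file permissions or shortening retention only limits future exposure.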


Advisories
Source: Debian DSA
ID: DSA-62801
Title: netatalk security update
History

Thu, 21 May 2026 13:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 21 May 2026 09:00:00 +0000

Type: Description
Values Removed: In Netatalk 2.1.0 through 4.4.2, ldap simple-bind password exposure in log output. Fixed in 4.4.3.
Values Added: Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials.

Thu, 21 May 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Netatalk; Netatalk netatalk
Type: Vendors & Products
Values Added: Netatalk; Netatalk netatalk

Thu, 21 May 2026 07:45:00 +0000

Type: Description
Values Added: In Netatalk 2.1.0 through 4.4.2, ldap simple-bind password exposure in log output. Fixed in 4.4.3.
Type: Title
Values Added: LDAP simple-bind password exposure in log output
Type: Weaknesses
Values Added: CWE-532
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Netatalk Netatalk
MITRE

Status: PUBLISHED

Assigner: securin

Published:

Updated: 2026-05-21T12:44:56.249Z

Reserved: 2026-05-05T07:24:42.291Z

Link: CVE-2026-44052

Vulnrichment

Updated: 2026-05-21T12:44:51.150Z

NVD

Status : Deferred

Published: 2026-05-21T08:16:20.800

Modified: 2026-05-21T15:20:19.040

Link: CVE-2026-44052

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T10:30:08Z

Weaknesses