Tenable Identity Exposure
Monthly
Unauthenticated information disclosure in Tenable Identity Exposure versions prior to 3.93.5 allows remote attackers to retrieve cleartext LDAP credentials, SAML configuration, user accounts, and directory settings via API endpoints under /w/api/*. The flaw is compounded by Cache-Control: public response headers that lack a Vary: Cookie directive, allowing reverse proxies and CDNs to cache and re-serve the sensitive data to other unauthenticated requesters. No public exploit identified at time of analysis, but the issue was disclosed by the vendor itself.
Unauthenticated information disclosure in Tenable Identity Exposure versions prior to 3.93.5 allows remote attackers to retrieve cleartext LDAP credentials, SAML configuration, user accounts, and directory settings via API endpoints under /w/api/*. The flaw is compounded by Cache-Control: public response headers that lack a Vary: Cookie directive, allowing reverse proxies and CDNs to cache and re-serve the sensitive data to other unauthenticated requesters. No public exploit identified at time of analysis, but the issue was disclosed by the vendor itself.