Three Confirmed Vulnerabilities in Truesec LAPSWebUI
By Laban Sköllermark
I have worked for Reversec since April 2025. My first blog post for them describes how I found some vulnerabilities in LAPSWebUI in a client engagement and reported the findings to the vendor, Truesec, who confirmed most of them and issued a new version with fixes. My Reversec Labs post:
This resulted in three advisories with associated CVEs (also linked from the blog post):
- CVE-2025-15552: Long Session Lifetime in Truesec LAPSWebUI
- CVE-2025-15553: Insecure Logout Functionality in Truesec LAPSWebUI
- CVE-2025-15554: Admin Passwords Cached by Browsers in Truesec LAPSWebUI
(This linking entry on my private blog is backdated to the publishing date on Reversec Labs. For transparency: published here 2026-APR-10 CEST.)