Vulnerability
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
Prerequisites
To successfully exploit this vulnerability, an attacker must already have access to a system running PrinterOn Enterprise through a low-privileged user account, and an LDAP bind account must be in use.
Exploit
Opening cps_config.xml reveals the bindPW value for an Active Directory user in base64 encoding, which can be easily decoded.
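
For administrators checking their own installation, the following added example (not part of the original advisory and not vendor code) flags a bindPW value that is only base64-encoded, without printing the secret. The XML layout, host name, bind DN and sample password are constructed assumptions; only the file name cps_config.xml and the bindPW key come from the advisory.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample; the real layout of cps_config.xml is assumed, not known.
_ENC = base64.b64encode(b"Constructed-Placeholder1").decode()
SAMPLE_CONFIG = f"""<config>
  <ldap host="dc01.example.test" bindDN="CN=svc-print,DC=example,DC=test">
    <bindPW>{_ENC}</bindPW>
  </ldap>
</config>"""

def looks_like_plain_base64(value):
    """True if value strictly decodes as base64 to printable ASCII text.

    Heuristic: an encrypted blob that is base64-wrapped for storage decodes
    to arbitrary bytes, while an encoded password decodes to readable text.
    """
    value = value.strip()
    if len(value) < 4 or len(value) % 4:
        return False
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return all(0x20 <= b < 0x7F for b in decoded)

def audit_bind_password(xml_text, key="bindPW"):
    """Report every element or attribute named `key`; never return the secret."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        candidates = []
        if elem.tag == key and elem.text:
            candidates.append(("element", elem.text))
        if key in elem.attrib:
            candidates.append(("attribute", elem.attrib[key]))
        for kind, value in candidates:
            findings.append({"location": f"{kind} on <{elem.tag}>",
                             "reversible": looks_like_plain_base64(value)})
    return findings

if __name__ == "__main__":
    for f in audit_bind_password(SAMPLE_CONFIG):
        status = ("encoded only: rotate the bind account and restrict file access"
                  if f["reversible"] else "not plain base64")
        print(f"bindPW ({f['location']}): {status}")
```

A finding marked reversible means any account that can read the file can recover the bind password, so the bind account should be treated as exposed.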

Timeline
04-23-18: Submitted incident through online form, no response
05-02-18: Emailed vendor, no response
05-07-18: Emailed vendor, no response
05-14-18: Emailed vendor, no response
05-15-18: New version released; Submitted public disclosure
Disclaimer
Content is for educational and research purposes only. Author doesn’t hold any responsibility over the misuse of the software, exploits or security findings contained herein and does not condone them whatsoever.