[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2678Date: (C)2012-07-03   (M)2023-12-22


389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-49734
BID-54153
OSVDB-83336
RHSA-2012:0997
RHSA-2012:1041
SSRT101189
http://directory.fedoraproject.org/wiki/Release_Notes
oval:org.mitre.oval:def:19353

CPE    40
cpe:/a:fedoraproject:389_directory_server:1.2.3
cpe:/a:fedoraproject:389_directory_server:1.2.5
cpe:/a:fedoraproject:389_directory_server:1.2.6
cpe:/a:fedoraproject:389_directory_server:1.2.8.3
...
CWE    1
CWE-310
OVAL    3
oval:org.secpod.oval:def:202384
oval:org.secpod.oval:def:1503666
oval:org.secpod.oval:def:500828

© SecPod Technologies