CVE

CVE-2012-2746
Date: (C)2012-07-03   (M)2023-12-22


389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of an LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
389directory-logging-info-disclosure(76595)
SECUNIA-49734
BID-54153
OSVDB-83329
RHSA-2012:0997
RHSA-2012:1041
SSRT101189
http://directory.fedoraproject.org/wiki/Release_Notes
https://bugzilla.redhat.com/show_bug.cgi?id=833482
https://fedorahosted.org/389/ticket/365
oval:org.mitre.oval:def:19241

CPE    40
cpe:/a:fedoraproject:389_directory_server:1.2.3
cpe:/a:fedoraproject:389_directory_server:1.2.5
cpe:/a:fedoraproject:389_directory_server:1.2.6
cpe:/a:fedoraproject:389_directory_server:1.2.8.3
...
CWE    1
CWE-310
OVAL    3
oval:org.secpod.oval:def:202384
oval:org.secpod.oval:def:1503666
oval:org.secpod.oval:def:500828

© SecPod Technologies