CVE-2012-2746

high

Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083

https://fedorahosted.org/389/ticket/365

https://exchange.xforce.ibmcloud.com/vulnerabilities/76595

https://bugzilla.redhat.com/show_bug.cgi?id=833482

http://www.securityfocus.com/bid/54153

http://www.osvdb.org/83329

http://secunia.com/advisories/49734

http://rhn.redhat.com/errata/RHSA-2012-1041.html

http://rhn.redhat.com/errata/RHSA-2012-0997.html

http://directory.fedoraproject.org/wiki/Release_Notes

Details

Source: Mitre, NVD

Published: 2012-07-03

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High