Lucene search
HistoryAug 31, 2013 - 5:55 p.m.
CVE-2012-6596
palo alto networks
pan-os
ldap
cleartext
authentication
sensitive information
security vulnerability
cve-2012-6596
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 stores cleartext LDAP bind passwords in authd.log, which allows context-dependent attackers to obtain sensitive information by reading this file, aka Ref ID 35493.
Affected configurations
Node
paloaltonetworkspan-osMatch4.0.0
ORpaloaltonetworkspan-osMatch4.0.1
ORpaloaltonetworkspan-osMatch4.0.2
ORpaloaltonetworkspan-osMatch4.0.3
ORpaloaltonetworkspan-osMatch4.0.4
ORpaloaltonetworkspan-osMatch4.0.5
ORpaloaltonetworkspan-osMatch4.0.6
ORpaloaltonetworkspan-osMatch4.0.7
ORpaloaltonetworkspan-osMatch4.0.8
ORpaloaltonetworkspan-osMatch4.1.0
ORpaloaltonetworkspan-osMatch4.1.1
ORpaloaltonetworkspan-osMatch4.1.2
Related
nessus
nessus
Palo Alto Networks PAN-OS < 4.0.9 / 4.1.x < 4.1.3 Information Disclosure
2014-03-05 00:00:00
prion
prion
Information disclosure
2013-08-31 17:55:00
paloalto
paloalto
LDAP Passwords Logged in Clear Text
2012-04-27 23:30:00
cvelist
cvelist
CVE-2012-6596
2013-08-31 17:00:00
nvd
nvd
CVE-2012-6596
2013-08-31 17:55:03
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
Related for CVE-2012-6596