CVE-2018-10871

2018-07-1813:29:00

Debian Security Bug Tracker

security-tracker.debian.org

0.002 Low

EPSS

Percentile

53.1%

JSON

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

OSVersionArchitecturePackageVersionFilename
Debian12all389-ds-base< 1.4.0.15-1389-ds-base_1.4.0.15-1_all.deb
Debian11all389-ds-base< 1.4.0.15-1389-ds-base_1.4.0.15-1_all.deb
Debian10all389-ds-base< 1.4.0.15-1389-ds-base_1.4.0.15-1_all.deb
Debian999all389-ds-base< 1.4.0.15-1389-ds-base_1.4.0.15-1_all.deb
Debian13all389-ds-base< 1.4.0.15-1389-ds-base_1.4.0.15-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	389-ds-base	< 1.4.0.15-1	389-ds-base_1.4.0.15-1_all.deb
Debian	11	all	389-ds-base	< 1.4.0.15-1	389-ds-base_1.4.0.15-1_all.deb
Debian	10	all	389-ds-base	< 1.4.0.15-1	389-ds-base_1.4.0.15-1_all.deb
Debian	999	all	389-ds-base	< 1.4.0.15-1	389-ds-base_1.4.0.15-1_all.deb
Debian	13	all	389-ds-base	< 1.4.0.15-1	389-ds-base_1.4.0.15-1_all.deb

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for DEBIANCVE:CVE-2018-10871