CVE-2012-2746
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
58.5%
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | directory_server | * | cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:* |
| redhat | directory_server | 7.1 | cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:* |
| redhat | directory_server | 8.0 | cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:* |
| redhat | directory_server | 8.1 | cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | * | cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.2.1 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.2.2 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.2.3 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.2.5 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.2.5 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:* |
References
directory.fedoraproject.org/wiki/Release_Notes
rhn.redhat.com/errata/RHSA-2012-0997.html
rhn.redhat.com/errata/RHSA-2012-1041.html
secunia.com/advisories/49734
www.osvdb.org/83329
www.securityfocus.com/bid/54153
bugzilla.redhat.com/show_bug.cgi?id=833482
exchange.xforce.ibmcloud.com/vulnerabilities/76595
fedorahosted.org/389/ticket/365
h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
58.5%