Lucene search
HistoryMar 10, 2015 - 2:59 p.m.
CVE-2014-8112
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0.002
Percentile
56.3%
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores “unhashed” passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
Affected configurations
Node
fedoraproject389_directory_serverMatch1.3.1.0
ORfedoraproject389_directory_serverMatch1.3.1.1
ORfedoraproject389_directory_serverMatch1.3.1.2
ORfedoraproject389_directory_serverMatch1.3.1.3
ORfedoraproject389_directory_serverMatch1.3.1.4
ORfedoraproject389_directory_serverMatch1.3.1.5
ORfedoraproject389_directory_serverMatch1.3.1.6
ORfedoraproject389_directory_serverMatch1.3.1.7
ORfedoraproject389_directory_serverMatch1.3.1.8
ORfedoraproject389_directory_serverMatch1.3.1.9
ORfedoraproject389_directory_serverMatch1.3.1.10
ORfedoraproject389_directory_serverMatch1.3.1.11
ORfedoraproject389_directory_serverMatch1.3.1.12
ORfedoraproject389_directory_serverMatch1.3.1.13
ORfedoraproject389_directory_serverMatch1.3.1.14
ORfedoraproject389_directory_serverMatch1.3.1.15
ORfedoraproject389_directory_serverMatch1.3.1.16
ORfedoraproject389_directory_serverMatch1.3.1.17
ORfedoraproject389_directory_serverMatch1.3.1.18
ORfedoraproject389_directory_serverMatch1.3.1.19
ORfedoraproject389_directory_serverMatch1.3.1.22
ORfedoraproject389_directory_serverMatch1.3.2.2
ORfedoraproject389_directory_serverMatch1.3.2.3
ORfedoraproject389_directory_serverMatch1.3.2.4
ORfedoraproject389_directory_serverMatch1.3.2.5
ORfedoraproject389_directory_serverMatch1.3.2.6
ORfedoraproject389_directory_serverMatch1.3.2.7
ORfedoraproject389_directory_serverMatch1.3.2.8
ORfedoraproject389_directory_serverMatch1.3.2.9
ORfedoraproject389_directory_serverMatch1.3.2.10
ORfedoraproject389_directory_serverMatch1.3.2.11
ORfedoraproject389_directory_serverMatch1.3.2.13
ORfedoraproject389_directory_serverMatch1.3.2.16
ORfedoraproject389_directory_serverMatch1.3.2.19
ORfedoraproject389_directory_serverMatch1.3.2.22
ORfedoraproject389_directory_serverMatch1.3.2.23
ORfedoraproject389_directory_serverMatch1.3.2.24
ORfedoraproject389_directory_serverMatch1.3.2.26
ORfedoraproject389_directory_serverMatch1.3.3.0
ORfedoraproject389_directory_serverMatch1.3.3.2
ORfedoraproject389_directory_serverMatch1.3.3.3
ORfedoraproject389_directory_serverMatch1.3.3.5
ORfedoraproject389_directory_serverMatch1.3.3.8
Node
fedoraprojectfedoraMatch22
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | 389_directory_server | 1.3.1.0 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.0:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.1 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.1:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.2 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.2:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.3 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.3:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.4 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.4:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.5 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.5:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.6 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.6:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.7 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.7:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.8 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.8:*:*:*:*:*:*:* |
| fedoraproject | 389_directory_server | 1.3.1.9 | cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.9:*:*:*:*:*:*:* |
References
Related
prion
prion
Code injection
2015-03-10 14:59:00
ubuntucve
ubuntucve
CVE-2014-8112
2015-03-10 00:00:00
cve
cve
CVE-2014-8112
2015-03-10 14:59:01
cvelist
cvelist
CVE-2014-8112
2015-03-10 14:00:00
debiancve
debiancve
CVE-2014-8112
2015-03-10 14:59:01
nessus
nessus
Amazon Linux AMI : 389-ds-base (ALAS-2015-501)
2015-04-02 00:00:00
RHEL 7 : 389-ds-base (RHSA-2015:0416)
2015-03-05 00:00:00
Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (20150305)
2015-03-26 00:00:00
mageia
mageia
Updated 389-ds-base packages fix security vulnerabilities
2015-03-14 21:44:24
centos
centos
389 security update
2015-03-17 13:27:32
openvas
openvas
RedHat Update for 389-ds-base RHSA-2015:0416-01
2015-03-06 00:00:00
Oracle: Security Advisory (ELSA-2015-0416)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-501)
2015-09-08 00:00:00
amazon
amazon
Important: 389-ds-base
2015-04-01 13:49:00
fedora
fedora
[SECURITY] Fedora 22 Update: 389-ds-base-1.3.3.9-1.fc22
2015-03-31 21:43:31
redhat
redhat
oraclelinux
oraclelinux
389-ds-base security, bug fix, and enhancement update
2015-03-09 00:00:00
osv
osv
389-ds-1.3.4.14-1.2 on GA media
2024-06-15 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.6
Confidence
Low
EPSS
0.002
Percentile
56.3%
Related for NVD:CVE-2014-8112