Lucene search

[email protected]NVD:CVE-2018-10871

HistoryJul 18, 2018 - 1:29 p.m.

CVE-2018-10871

2018-07-1813:29:00

CWE-312

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Affected configurations

Nvd

Node

fedoraproject389_directory_serverRange<1.3.8.5

fedoraproject389_directory_serverRange1.4.0.0–1.4.0.12

Node

debiandebian_linuxMatch8.0

VendorProductVersionCPE
fedoraproject389_directory_server*cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	389_directory_server	*	cpe:2.3:a:fedoraproject:389_directory_server::::::::
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*