19 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-10871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog...
RHEL 7 : 389-ds-base (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default CVE-2018-10871 Note tha...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2019-3401)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3401 advisory. - In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout'...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2019-2127)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : 389-ds-base (EulerOS-SA-2019-2554)
According to the version of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/...
RHEL 8 : 389-ds:1.4 (RHSA-2019:3401)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3401 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP...
Important: Red Hat Security Advisory: 389-ds:1.4 security, bug fix, and enhancement update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE SLED15 / SLES15 Security Update : 389-ds (SUSE-SU-2019:2155-1)
This update for 389-ds to version 1.4.0.26 fixes the following issues : Security issues fixed : CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI bsc991201. CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF8...
389-ds-base security, bug fix, and enhancement update
1.3.8.4-15 - Bump version to 1.3.8.4-15 - Resolves: Bug 1624004 - Fix regression in last patch 1.3.8.4-14 - Bump version to 1.3.8.4-14 - Resolves: Bug 1624004 - potential denial of service attack 1.3.8.4-13 - Bump version to 1.3.8.4-13 - Resolves: Bug 1623949 - Crash in deletepasswdPolicy when...
Debian: Security Advisory (DLA-1483-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1483-1 : 389-ds-base security update
CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to 'on'. So a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is used by some plugin it does not require to keep unhashed passwords. The nsslapd-unhashed-pw-switch option i...
[SECURITY] [DLA 1483-1] 389-ds-base security update
Package : 389-ds-base Version : 1.3.3.5-4+deb8u2 CVE ID : CVE-2018-10871 CVE-2018-10935 Debian Bug : 906985 CVE-2018-10871 By default nsslapd-unhashed-pw-switch was set to on. So a copy of the unhashed password was kept in modifiers and was possibly logged in changelog and retroCL. Unless it is...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2018-10871
CVE-2018-10871 affects 389-ds-base prior to versions 1.3.8.5 and 1.4.0.12. When Replica and/or retroChangeLog plugins are enabled, the service stores passwords in plaintext in changelog files. An attacker with high privileges (e.g., root or Directory Manager) can read these files to obtain plaint...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...
CVE-2018-10871
By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext...