389 Directory Server Security Vulnerabilities and Issues — 389 Directory Server CVE List

Lucene search

Fedoraproject389 Directory Server

4 matches found

CVE•added 2012/07/03 4:40 p.m.•60 views

CVE-2012-0833

The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service ...

2.3CVSS6.1AI score0.00244EPSS

CVE•added 2012/07/03 4:40 p.m.•56 views

CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

1.2CVSS6.6AI score0.00238EPSS

CVE•added 2012/10/01 3:26 a.m.•51 views

CVE-2012-4450

389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry.

6CVSS6.1AI score0.00378EPSS

CVE•added 2012/07/03 4:40 p.m.•47 views

CVE-2012-2746

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

2.1CVSS6.2AI score0.00509EPSS