389 Directory Server prior to 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp hp-ux directory server |
||
redhat redhat directory server |
||
fedoraproject 389 directory server |
||
redhat directory server 8.0 |