Published: 03/07/2012 Updated: 19/09/2017

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

389 Directory Server prior to 1.2.11.6 (aka Red Hat Directory Server prior to 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote malicious users to read the plaintext password via the unhashed#user#password attribute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat directory server 7.1
redhat directory server
redhat directory server 8.1
redhat directory server 8.0
fedoraproject 389 directory server 1.2.6
fedoraproject 389 directory server 1.2.2
fedoraproject 389 directory server 1.2.3
fedoraproject 389 directory server 1.2.8
fedoraproject 389 directory server 1.2.8.1
fedoraproject 389 directory server 1.2.10.1
fedoraproject 389 directory server 1.2.10.2
fedoraproject 389 directory server 1.2.6.1
fedoraproject 389 directory server 1.2.5
fedoraproject 389 directory server 1.2.1
fedoraproject 389 directory server 1.2.10
fedoraproject 389 directory server
fedoraproject 389 directory server 1.2.7
fedoraproject 389 directory server 1.2.8.2
fedoraproject 389 directory server 1.2.10.3
fedoraproject 389 directory server 1.2.10.4
fedoraproject 389 directory server 1.2.7.5
fedoraproject 389 directory server 1.2.8.3
fedoraproject 389 directory server 1.2.9.9
fedoraproject 389 directory server 1.2.10.7
fedoraproject 389 directory server 1.2.11.1

Synopsis Moderate: redhat-ds-base security update Type/Severity Security Advisory: Moderate Topic Updated redhat-ds-base packages that fix two security issues are nowavailable for Red Hat Directory Server 8The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vu ...

Synopsis Moderate: 389-ds-base security update Type/Severity Security Advisory: Moderate Topic Updated 389-ds-base packages that fix two security issues are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerab ...

CWE-310 http://www.securityfocus.com/bid/54153 http://directory.fedoraproject.org/wiki/Release_Notes http://osvdb.org/83336 http://rhn.redhat.com/errata/RHSA-2012-1041.html http://secunia.com/advisories/49734 http://rhn.redhat.com/errata/RHSA-2012-0997.html https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353 https://access.redhat.com/errata/RHSA-2012:1041 https://nvd.nist.gov

CVE-2012-2678

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect