CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
redhatdirectory_server
𝑥
≤ 8.2
redhatdirectory_server
7.1
redhatdirectory_server
8.0
redhatdirectory_server
8.1
fedoraproject389_directory_server
𝑥
≤ 1.2.11.5
fedoraproject389_directory_server
1.2.1
fedoraproject389_directory_server
1.2.2
fedoraproject389_directory_server
1.2.3
fedoraproject389_directory_server
1.2.5
fedoraproject389_directory_server
1.2.5:rc1
fedoraproject389_directory_server
1.2.5:rc2
fedoraproject389_directory_server
1.2.5:rc3
fedoraproject389_directory_server
1.2.5:rc4
fedoraproject389_directory_server
1.2.6
fedoraproject389_directory_server
1.2.6:a2
fedoraproject389_directory_server
1.2.6:a3
fedoraproject389_directory_server
1.2.6:a4
fedoraproject389_directory_server
1.2.6:rc1
fedoraproject389_directory_server
1.2.6:rc2
fedoraproject389_directory_server
1.2.6:rc3
fedoraproject389_directory_server
1.2.6:rc6
fedoraproject389_directory_server
1.2.6:rc7
fedoraproject389_directory_server
1.2.6.1
fedoraproject389_directory_server
1.2.7:alpha3
fedoraproject389_directory_server
1.2.7.5
fedoraproject389_directory_server
1.2.8:alpha1
fedoraproject389_directory_server
1.2.8:alpha2
fedoraproject389_directory_server
1.2.8:alpha3
fedoraproject389_directory_server
1.2.8:rc1
fedoraproject389_directory_server
1.2.8:rc2
fedoraproject389_directory_server
1.2.8.1
fedoraproject389_directory_server
1.2.8.2
fedoraproject389_directory_server
1.2.8.3
fedoraproject389_directory_server
1.2.9.9
fedoraproject389_directory_server
1.2.10:alpha8
fedoraproject389_directory_server
1.2.10:rc1
fedoraproject389_directory_server
1.2.10.1
fedoraproject389_directory_server
1.2.10.2
fedoraproject389_directory_server
1.2.10.3
fedoraproject389_directory_server
1.2.10.4
fedoraproject389_directory_server
1.2.10.7
fedoraproject389_directory_server
1.2.11.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bullseye
1.4.4.11-2
fixed
bookworm
2.3.1+dfsg1-1
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
oneiric
dne
natty
dne
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://directory.fedoraproject.org/wiki/Release_Notes
http://osvdb.org/83336
http://rhn.redhat.com/errata/RHSA-2012-0997.html
http://rhn.redhat.com/errata/RHSA-2012-1041.html
http://secunia.com/advisories/49734
http://www.securityfocus.com/bid/54153
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353
http://directory.fedoraproject.org/wiki/Release_Notes
http://osvdb.org/83336
http://rhn.redhat.com/errata/RHSA-2012-0997.html
http://rhn.redhat.com/errata/RHSA-2012-1041.html
http://secunia.com/advisories/49734
http://www.securityfocus.com/bid/54153
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353