CVE-2012-2746

EUVD-2012-2726
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
redhatdirectory_server
𝑥
≤ 8.2
redhatdirectory_server
7.1
redhatdirectory_server
8.0
redhatdirectory_server
8.1
fedoraproject389_directory_server
𝑥
≤ 1.2.11.5
fedoraproject389_directory_server
1.2.1
fedoraproject389_directory_server
1.2.2
fedoraproject389_directory_server
1.2.3
fedoraproject389_directory_server
1.2.5
fedoraproject389_directory_server
1.2.5:rc1
fedoraproject389_directory_server
1.2.5:rc2
fedoraproject389_directory_server
1.2.5:rc3
fedoraproject389_directory_server
1.2.5:rc4
fedoraproject389_directory_server
1.2.6
fedoraproject389_directory_server
1.2.6:a2
fedoraproject389_directory_server
1.2.6:a3
fedoraproject389_directory_server
1.2.6:a4
fedoraproject389_directory_server
1.2.6:rc1
fedoraproject389_directory_server
1.2.6:rc2
fedoraproject389_directory_server
1.2.6:rc3
fedoraproject389_directory_server
1.2.6:rc6
fedoraproject389_directory_server
1.2.6:rc7
fedoraproject389_directory_server
1.2.6.1
fedoraproject389_directory_server
1.2.7:alpha3
fedoraproject389_directory_server
1.2.7.5
fedoraproject389_directory_server
1.2.8:alpha1
fedoraproject389_directory_server
1.2.8:alpha2
fedoraproject389_directory_server
1.2.8:alpha3
fedoraproject389_directory_server
1.2.8:rc1
fedoraproject389_directory_server
1.2.8:rc2
fedoraproject389_directory_server
1.2.8.1
fedoraproject389_directory_server
1.2.8.2
fedoraproject389_directory_server
1.2.8.3
fedoraproject389_directory_server
1.2.9.9
fedoraproject389_directory_server
1.2.10:alpha8
fedoraproject389_directory_server
1.2.10:rc1
fedoraproject389_directory_server
1.2.10.1
fedoraproject389_directory_server
1.2.10.2
fedoraproject389_directory_server
1.2.10.3
fedoraproject389_directory_server
1.2.10.4
fedoraproject389_directory_server
1.2.10.7
fedoraproject389_directory_server
1.2.11.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
389-ds-base
bookworm
2.3.1+dfsg1-1
fixed
bullseye
1.4.4.11-2
fixed
sid
3.1.1+dfsg1-2
fixed
trixie
3.1.1+dfsg1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
389-ds-base
hardy
dne
lucid
dne
natty
dne
oneiric
dne
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
not-affected
yakkety
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://directory.fedoraproject.org/wiki/Release_Notes
http://rhn.redhat.com/errata/RHSA-2012-0997.html
http://rhn.redhat.com/errata/RHSA-2012-1041.html
http://secunia.com/advisories/49734
http://www.osvdb.org/83329
http://www.securityfocus.com/bid/54153
https://bugzilla.redhat.com/show_bug.cgi?id=833482
https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
https://fedorahosted.org/389/ticket/365
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241
http://directory.fedoraproject.org/wiki/Release_Notes
http://rhn.redhat.com/errata/RHSA-2012-0997.html
http://rhn.redhat.com/errata/RHSA-2012-1041.html
http://secunia.com/advisories/49734
http://www.osvdb.org/83329
http://www.securityfocus.com/bid/54153
https://bugzilla.redhat.com/show_bug.cgi?id=833482
https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
https://fedorahosted.org/389/ticket/365
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241