History: Jan 09, 2020 - 9:15 p.m.

CVE-2010-3282

2020-01-09 21:15:10
CWE-312
hp
web.nvd.nist.gov
cve-2010-3282
389 directory server
password logging
security vulnerability
cleartext password
audit logging
sensitive information disclosure

CVSS2

Score: 1.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

Score: 3.3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 3.7
Confidence: High

EPSS: 0
Percentile: 5.1%

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

Affected configurations

NVD

Node: hp hp-ux_directory_server, Range < b.08.10.03
Node: redhat redhat_directory_server, Range < b.08.00.02, hp-ux
Node: fedoraproject 389_directory_server, Range < 1.2.7.1
Node: redhat directory_server, Match 8.0

Vendor | Product | Version | CPE
hp | hp-ux_directory_server | * | cpe:2.3:a:hp:hp-ux_directory_server:*:*:*:*:*:*:*:*
redhat | redhat_directory_server | * | cpe:2.3:a:redhat:redhat_directory_server:*:*:*:*:*:hp-ux:*:*
fedoraproject | 389_directory_server | * | cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
redhat | directory_server | 8.0 | cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "389 Directory Server",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.2.7.1"
      }
    ]
  },
  {
    "product": "HP-UX Directory Server",
    "vendor": "HP",
    "versions": [
      {
        "status": "affected",
        "version": "before B.08.10.03"
      }
    ]
  }
]
