Lucene search

[email protected]CVE-2012-2746

HistoryJul 03, 2012 - 4:40 p.m.

CVE-2012-2746

2012-07-0316:40:34

CWE-310

[email protected]

web.nvd.nist.gov

389 directory server

red hat directory server

cve-2012-2746

password security

plaintext logging

ldap

audit logging

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.6%

JSON

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Affected configurations

NVD

Node

redhatdirectory_serverRange≤8.2

redhatdirectory_serverMatch7.1

redhatdirectory_serverMatch8.0

redhatdirectory_serverMatch8.1

Node

fedoraproject389_directory_serverRange≤1.2.11.5

fedoraproject389_directory_serverMatch1.2.1

fedoraproject389_directory_serverMatch1.2.2

fedoraproject389_directory_serverMatch1.2.3

fedoraproject389_directory_serverMatch1.2.5

fedoraproject389_directory_serverMatch1.2.5rc1

fedoraproject389_directory_serverMatch1.2.5rc2

fedoraproject389_directory_serverMatch1.2.5rc3

fedoraproject389_directory_serverMatch1.2.5rc4

fedoraproject389_directory_serverMatch1.2.6

fedoraproject389_directory_serverMatch1.2.6a2

fedoraproject389_directory_serverMatch1.2.6a3

fedoraproject389_directory_serverMatch1.2.6a4

fedoraproject389_directory_serverMatch1.2.6rc1

fedoraproject389_directory_serverMatch1.2.6rc2

fedoraproject389_directory_serverMatch1.2.6rc3

fedoraproject389_directory_serverMatch1.2.6rc6

fedoraproject389_directory_serverMatch1.2.6rc7

fedoraproject389_directory_serverMatch1.2.6.1

fedoraproject389_directory_serverMatch1.2.7alpha3

fedoraproject389_directory_serverMatch1.2.7.5

fedoraproject389_directory_serverMatch1.2.8alpha1

fedoraproject389_directory_serverMatch1.2.8alpha2

fedoraproject389_directory_serverMatch1.2.8alpha3

fedoraproject389_directory_serverMatch1.2.8rc1

fedoraproject389_directory_serverMatch1.2.8rc2

fedoraproject389_directory_serverMatch1.2.8.1

fedoraproject389_directory_serverMatch1.2.8.2

fedoraproject389_directory_serverMatch1.2.8.3

fedoraproject389_directory_serverMatch1.2.9.9

fedoraproject389_directory_serverMatch1.2.10alpha8

fedoraproject389_directory_serverMatch1.2.10rc1

fedoraproject389_directory_serverMatch1.2.10.1

fedoraproject389_directory_serverMatch1.2.10.2

fedoraproject389_directory_serverMatch1.2.10.3

fedoraproject389_directory_serverMatch1.2.10.4

fedoraproject389_directory_serverMatch1.2.10.7

fedoraproject389_directory_serverMatch1.2.11.1

CPENameOperatorVersion
redhat:directory_serverredhat directory serverle8.2
redhat:directory_serverredhat directory servereq7.1
redhat:directory_serverredhat directory servereq8.0
redhat:directory_serverredhat directory servereq8.1

CPE	Name	Operator	Version
redhat:directory_server	redhat directory server	le	8.2
redhat:directory_server	redhat directory server	eq	7.1
redhat:directory_server	redhat directory server	eq	8.0
redhat:directory_server	redhat directory server	eq	8.1