Lucene search
RedhatCVELIST:CVE-2023-1055HistoryFeb 27, 2023 - 12:00 a.m.
CVE-2023-1055
2023-02-2700:00:00
CWE-200
redhat
www.cve.org
5
rhds 11
rhds 12
ldap
sensitive information
leakage
data confidentiality
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
CNA Affected
[
{
"vendor": "n/a",
"product": "Red Hat Directory Server",
"versions": [
{
"version": "11 and 12",
"status": "affected"
}
]
}
]Related
nessus
nessus
RHEL 9 : redhat-ds:12 (RHSA-2023:3489)
2024-04-28 00:00:00
RHEL 8 : redhat-ds:11 (RHSA-2023:4655)
2024-04-28 00:00:00
Fedora 38 : 389-ds-base (2023-c92be0dfa0)
2023-07-26 00:00:00
debiancve
debiancve
CVE-2023-1055
2023-02-27 22:15:09
ubuntucve
ubuntucve
CVE-2023-1055
2023-02-27 00:00:00
redhat
redhat
veracode
veracode
Information Exposure
2024-01-13 05:37:51
openvas
openvas
Fedora: Security Advisory for 389-ds-base (FEDORA-2023-c92be0dfa0)
2023-07-26 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-02-27 22:15:00
redhatcve
redhatcve
CVE-2023-1055
2023-02-27 10:59:31
fedora
fedora
[SECURITY] Fedora 38 Update: 389-ds-base-2.3.5-1.fc38
2023-07-26 00:35:39
cve
cve
CVE-2023-1055
2023-02-27 22:15:09
nvd
nvd
CVE-2023-1055
2023-02-27 22:15:09