389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Directory_server | Redhat | * | 8.2 (including) |
Directory_server | Redhat | 7.1 (including) | 7.1 (including) |
Directory_server | Redhat | 8.0 (including) | 8.0 (including) |
Directory_server | Redhat | 8.1 (including) | 8.1 (including) |