CVE Vulnerabilities

CVE-2012-2678

Published: Jul 03, 2012 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.2 LOW
AV:L/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
4 MODERATE
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V3
Ubuntu

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Affected Software

Name Vendor Start Version End Version
Directory_server Redhat 7.1 7.1
Directory_server Redhat 8.0 8.0
Directory_server Redhat 8.1 8.1
Directory_server Redhat * 8.2
Red Hat Directory Server 8 for RHEL 5 RedHat redhat-ds-base-0:8.2.10-3.el5dsrv *
Red Hat Enterprise Linux 6 RedHat 389-ds-base-0:1.2.10.2-18.el6_3 *
389-ds-base Ubuntu precise *
389-ds-base Ubuntu quantal *
389-ds-base Ubuntu raring *
389-ds-base Ubuntu saucy *
389-ds-base Ubuntu upstream *

References