Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.1
CVE Id: CVE-2012-2746
Last Modified: 05 Dec 2013 12:14:22
Published: 03 Jul 2012 12:40:34
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2012-2746

Summary

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of an LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.2.1

  • Fedoraproject 389 Directory Server 1.2.10

  • Fedoraproject 389 Directory Server 1.2.10.1

  • Fedoraproject 389 Directory Server 1.2.10.2

  • Fedoraproject 389 Directory Server 1.2.10.3

  • Fedoraproject 389 Directory Server 1.2.10.4

  • Fedoraproject 389 Directory Server 1.2.10.7

  • Fedoraproject 389 Directory Server 1.2.11.1

  • Fedoraproject 389 Directory Server 1.2.11.5

  • Fedoraproject 389 Directory Server 1.2.2

  • Fedoraproject 389 Directory Server 1.2.3

  • Fedoraproject 389 Directory Server 1.2.5

  • Fedoraproject 389 Directory Server 1.2.6

  • Fedoraproject 389 Directory Server 1.2.6.1

  • Fedoraproject 389 Directory Server 1.2.7

  • Fedoraproject 389 Directory Server 1.2.7.5

  • Fedoraproject 389 Directory Server 1.2.8

  • Fedoraproject 389 Directory Server 1.2.8.1

  • Fedoraproject 389 Directory Server 1.2.8.2

  • Fedoraproject 389 Directory Server 1.2.8.3

  • Fedoraproject 389 Directory Server 1.2.9.9

  • Redhat Directory Server 7.1

  • Redhat Directory Server 8.0

  • Redhat Directory Server 8.1

  • Redhat Directory Server 8.2


References

CONFIRM - https://fedorahosted.org/389/ticket/365

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=833482

XF - 389directory-logging-info-disclosure(76595)

BID - 54153

OSVDB - 83329

SECUNIA - 49734

REDHAT - RHSA-2012:1041

REDHAT - RHSA-2012:0997

CONFIRM - http://directory.fedoraproject.org/wiki/Release_Notes

HP - SSRT101189

HP - HPSBUX02881


Last Updated: 27 May 2016 10:54:50