Vulnerability in Ibm Tivoli_directory_server

CVE-2011-1822

The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.

EPSS: 0.001 (16.4th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_directory_server — versions 5.2.0, 5.2.0.4
N/a — versions n/a

Weakness classification (CWE)

CWE-255

References

IO11882 (vendor-advisory, x_refsource_AIXAPAR)
cve@mitre.org (x_refsource_CONFIRM, Patch)