Vulnerability in Fedoraproject 389_directory_server

CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the u…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (47.1th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.1, 1.2.2, 1.2.3
Redhat Directory_server — versions 7.1, 8.0, 8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

oval:org.mitre.oval:def:19353 (x_refsource_OVAL, signature, vdb-entry)
49734 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
SSRT101189 (x_refsource_HP, vendor-advisory)
83336 (x_refsource_OSVDB, vdb-entry)
54153 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2012:1041 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2012:0997 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)