Vulnerability in Fedoraproject 389_directory_server

CVE-2012-2746

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authe…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.005 (66.7th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.1, 1.2.2, 1.2.3
Redhat Directory_server — versions 7.1, 8.0, 8.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

83329 (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
49734 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
389directory-logging-info-disclosure(76595) (vdb-entry, x_refsource_XF)
SSRT101189 (x_refsource_HP, vendor-advisory)
54153 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2012:1041 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2012:0997 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)