Information disclosure in Fedoraproject 389_directory_server

CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive inform…

Vulnerability class: Information Disclosure

EPSS: 0.003 (54.5th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.3.1.0, 1.3.1.1, 1.3.1.2
Fedoraproject Fedora — versions 22
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2015:0416 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
FEDORA-2015-3368 (x_refsource_FEDORA, vendor-advisory)