Vulnerability Description
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Directory Server | <= 8.2 |
| Fedoraproject | 389 Directory Server | <= 1.2.11.5 |
Related Weaknesses (CWE)
References
- http://directory.fedoraproject.org/wiki/Release_Notes
- http://osvdb.org/83336
- http://rhn.redhat.com/errata/RHSA-2012-0997.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1041.html (Vendor Advisory)
- http://secunia.com/advisories/49734 (Vendor Advisory)
- http://www.securityfocus.com/bid/54153
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-2678?
CVE-2012-2678 is a vulnerability with a CVSS score of 1.2 (LOW). 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers t...
How severe is CVE-2012-2678?
CVE-2012-2678 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2678?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Directory Server, Fedoraproject 389 Directory Server.