CVE-2012-2746 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2012-2746?

CVE-2012-2746 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2746?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Directory Server, Fedoraproject 389 Directory Server.

Vulnerability Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

CVSS Score

2.1

LOW

AV:N/AC:H/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Directory Server	<= 8.2
Fedoraproject	389 Directory Server	<= 1.2.11.5

Related Weaknesses (CWE)

CWE-310

References

http://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
http://secunia.com/advisories/49734Vendor Advisory
http://www.osvdb.org/83329
http://www.securityfocus.com/bid/54153
https://bugzilla.redhat.com/show_bug.cgi?id=833482Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
https://fedorahosted.org/389/ticket/365Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
http://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
http://secunia.com/advisories/49734Vendor Advisory

FAQ

What is CVE-2012-2746?

CVE-2012-2746 is a vulnerability with a CVSS score of 2.1 (LOW). 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log i...

How severe is CVE-2012-2746?

CVE-2012-2746 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2746?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Directory Server, Fedoraproject 389 Directory Server.