CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

CVSS v2.0 1.2 LOW

1.2^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 1.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://directory.fedoraproject.org/wiki/Release_Notes
http://osvdb.org/83336
http://rhn.redhat.com/errata/RHSA-2012-0997.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1041.html	Vendor Advisory
http://secunia.com/advisories/49734	Vendor Advisory
http://www.securityfocus.com/bid/54153
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:directory_server::::::::
	cpe:2.3:a:redhat:directory_server:7.1:::::::*
	cpe:2.3:a:redhat:directory_server:8.0:::::::*
	cpe:2.3:a:redhat:directory_server:8.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:fedoraproject:389_directory_server::::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:::::::*

History

No history.

Information

Published : 2012-07-03 16:40

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2678

Mitre link : CVE-2012-2678

CVE.ORG link : CVE-2012-2678

JSON object : View

Products Affected

redhat

directory_server

fedoraproject

389_directory_server

CWE

CWE-310

Cryptographic Issues

1.2 /10