389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 00:42
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords. | |
References |
|
Information
Published : 2015-03-10 14:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-8105
Mitre link : CVE-2014-8105
CVE.ORG link : CVE-2014-8105
JSON object : View
Products Affected
fedoraproject
- 389_directory_server
- fedora
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor