CVE-2012-2746 - OpenCVE

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Directory Server
Fedoraproject	389 Directory Server

Configuration 1 [-]

OR	cpe:2.3:a:redhat:directory_server::::::::
	cpe:2.3:a:redhat:directory_server:7.1:::::::*
	cpe:2.3:a:redhat:directory_server:8.0:::::::*
	cpe:2.3:a:redhat:directory_server:8.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:fedoraproject:389_directory_server::::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1::::::
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:::::::*
	cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:::::::*

References

Link	Resource
http://directory.fedoraproject.org/wiki/Release_Notes	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0997.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1041.html	Vendor Advisory
http://secunia.com/advisories/49734	Vendor Advisory
http://www.osvdb.org/83329
http://www.securityfocus.com/bid/54153
https://bugzilla.redhat.com/show_bug.cgi?id=833482	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
https://fedorahosted.org/389/ticket/365	Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241