Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Published

2018-07-18T13:29:00.210

Last Modified

2024-11-21T03:42:11.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 3.8 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-312
  • Type: Primary
    CWE-312
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fedoraproject 389_directory_server < 1.3.8.5 Yes
Application fedoraproject 389_directory_server < 1.4.0.12 Yes
Operating System debian debian_linux 8.0 Yes
References