FKIE_CVE-2012-2746

Vulnerability from fkie_nvd - Published: 2012-07-03 16:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
References
secalert@redhat.comhttp://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/49734Vendor Advisory
secalert@redhat.comhttp://www.osvdb.org/83329
secalert@redhat.comhttp://www.securityfocus.com/bid/54153
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=833482Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/76595
secalert@redhat.comhttps://fedorahosted.org/389/ticket/365Vendor Advisory
secalert@redhat.comhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241
af854a3a-2127-422b-91ae-364da2661108http://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49734Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/83329
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54153
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=833482Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
af854a3a-2127-422b-91ae-364da2661108https://fedorahosted.org/389/ticket/365Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241
Impacted products
Vendor Product Version
redhat directory_server *
redhat directory_server 7.1
redhat directory_server 8.0
redhat directory_server 8.1
fedoraproject 389_directory_server *
fedoraproject 389_directory_server 1.2.1
fedoraproject 389_directory_server 1.2.2
fedoraproject 389_directory_server 1.2.3
fedoraproject 389_directory_server 1.2.5
fedoraproject 389_directory_server 1.2.5
fedoraproject 389_directory_server 1.2.5
fedoraproject 389_directory_server 1.2.5
fedoraproject 389_directory_server 1.2.5
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6
fedoraproject 389_directory_server 1.2.6.1
fedoraproject 389_directory_server 1.2.7
fedoraproject 389_directory_server 1.2.7.5
fedoraproject 389_directory_server 1.2.8
fedoraproject 389_directory_server 1.2.8
fedoraproject 389_directory_server 1.2.8
fedoraproject 389_directory_server 1.2.8
fedoraproject 389_directory_server 1.2.8
fedoraproject 389_directory_server 1.2.8.1
fedoraproject 389_directory_server 1.2.8.2
fedoraproject 389_directory_server 1.2.8.3
fedoraproject 389_directory_server 1.2.9.9
fedoraproject 389_directory_server 1.2.10
fedoraproject 389_directory_server 1.2.10
fedoraproject 389_directory_server 1.2.10.1
fedoraproject 389_directory_server 1.2.10.2
fedoraproject 389_directory_server 1.2.10.3
fedoraproject 389_directory_server 1.2.10.4
fedoraproject 389_directory_server 1.2.10.7
fedoraproject 389_directory_server 1.2.11.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5481052-D318-4F67-9567-79157BC716D0",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABADB3F7-AD65-4E62-BEA5-782539911B6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E190C97-A279-4EEE-B9C4-1EA888920F80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D75336B-F1E7-4369-B11D-1B132CA45424",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C3A4C9B-3A48-4B84-9B54-7972E9F21566",
              "versionEndIncluding": "1.2.11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE2E9C8D-FFEE-424C-BBA6-42BD4309D18A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2E9CEF-F30D-4374-A7E2-052102B602A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A8729B-B00B-4871-B083-6B10A5034721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6335FA65-9498-40AF-AE2B-034DA2823821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8CF92ADB-B5B0-43D7-93D8-CBA3AE46EB8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "17F8ED59-E27A-4B9B-8BB8-66FAB2B2DCFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "4200CEAB-4E14-48C8-9D6F-F86796475019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "3179916B-F98C-4D10-82AB-59DCCACBE8DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44B5289-08BB-4D62-B60D-1BD738472B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*",
              "matchCriteriaId": "02392BBF-AFAB-4739-BAF6-E930692AB28F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*",
              "matchCriteriaId": "BFF70436-E01E-4912-AC31-B600F5E8CB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*",
              "matchCriteriaId": "360BA51B-B47E-4537-B564-9E628DF4E6EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "987F04BC-75DC-4959-AE32-070F11F9EBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "078BCE55-90BB-48DE-92D1-9A152338158C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "595F5AEE-E4A9-40E0-AF03-69AF689C4916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "FED47519-F254-4545-8551-FFBD0B4F9FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "A06C0421-74B7-4F9D-9F3A-18BF62BDD4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F772DF-B8A7-4577-9AC6-3234B8C7FFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "60624BFB-BB50-47F9-BB6D-BC92B40988BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17C879AE-7435-43F5-94E5-A7ED84E46D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "5809DC7B-AC50-4E03-A8FA-6C2C6B67A400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "04FED7B7-7D97-4020-9D5C-A7150B43838C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "6CA6BAB0-4638-4341-8835-E24E58855C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3C87A154-D750-4A93-B958-478CB17783F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "762AF16D-D7C3-4444-B8E5-88626D7DCE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF2BE2A-E90A-4336-864A-A76D9B1F0793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE57DD6-A59C-4073-8DBB-E8D667E9A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65E0F9-731B-48E4-AF46-C8CAAE00820D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8AD8024-EF26-46B3-80E1-25661A5C538A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*",
              "matchCriteriaId": "A3DD52CC-C56A-4F62-BE61-BF826104B127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D820510A-C85F-4F5D-895E-884DB70A409F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CA2089-F7DF-418B-BFAC-AACA7784EB03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D661F57-BECB-4880-A14F-F9DB3C6659C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6E8AC0-9017-4C68-BEA8-AC89642C74A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BFCE99E-C862-4A32-BFB1-799F835045AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A97D83-D0D8-4596-BEA0-825B13B60ADB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBE4443-C736-4263-BC89-5A8F2ADD81E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
    },
    {
      "lang": "es",
      "value": "\"389 Directory Server\" antes de v1.2.11.6 (tambi\u00e9n conocido como Red Hat Directory Server antes de v8.2.10-3), cuando la contrase\u00f1a de un usuario de LDAP ha cambiado y el registro de auditor\u00eda est\u00e1 habilitada, guarda la nueva contrase\u00f1a para el registro en texto plano, lo que permite leer la contrase\u00f1a a usuarios remotos autenticados."
    }
  ],
  "id": "CVE-2012-2746",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-03T16:40:34.537",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://directory.fedoraproject.org/wiki/Release_Notes"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49734"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/83329"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54153"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fedorahosted.org/389/ticket/365"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://directory.fedoraproject.org/wiki/Release_Notes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/83329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fedorahosted.org/389/ticket/365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.