CVE-2012-2678

Current Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for an LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Basic Data

Published: July 03, 2012
Last Modified: September 19, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-310
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:H/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: HIGH
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 1.2
Severity: LOW
Exploitability Score: 1.9
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
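    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Directory Server | 7.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Directory Server | 8.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Directory Server | 8.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Directory Server | * | * | * | * | * | * | * | * | | 8.2 | |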
  • OR - Configuration 2
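    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.5 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.5 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.5 | rc3 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.5 | rc4 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | a2 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | a3 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | a4 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | rc3 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | rc6 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6 | rc7 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.6.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.7 | alpha3 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.7.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8 | alpha1 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8 | alpha2 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8 | alpha3 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8 | rc2 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.8.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.9.9 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10 | alpha8 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10 | rc1 | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10.2 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10.3 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10.4 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.10.7 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | 1.2.11.1 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fedoraproject | 389 Directory Server | * | * | * | * | * | * | * | * | | 1.2.11.5 | |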

Vulnerable Software List

Vendor | Product | Versions
Redhat | Directory Server | *, 7.1, 8.0, 8.1
Fedoraproject | 389 Directory Server | *, 1.2.1, 1.2.10, 1.2.10.1, 1.2.10.2, 1.2.10.3, 1.2.10.4, 1.2.10.7, 1.2.11.1, 1.2.2, 1.2.3, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 1.2.7.5, 1.2.8, 1.2.8.1, 1.2.8.2, 1.2.8.3, 1.2.9.9

References

Name | Source | URL | Tags
http://directory.fedoraproject.org/wiki/Release_Notes | CONFIRM | http://directory.fedoraproject.org/wiki/Release_Notes |
83336 | OSVDB | http://osvdb.org/83336 |
RHSA-2012:0997 | REDHAT | http://rhn.redhat.com/errata/RHSA-2012-0997.html | Vendor Advisory
RHSA-2012:1041 | REDHAT | http://rhn.redhat.com/errata/RHSA-2012-1041.html | Vendor Advisory
49734 | SECUNIA | http://secunia.com/advisories/49734 | Vendor Advisory
54153 | BID | http://www.securityfocus.com/bid/54153 |
SSRT101189 | HP | https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 |
oval:org.mitre.oval:def:19353 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353 |