CVE-2010-3282

Severity: 3.3 LOW
EPSS: 0.2% (top 55.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 9; Latest update Apr 21

Description

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages: 6 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-c9g4-pfp3-j9qm: 389 Directory Server before 1 (2022-04-21)
CVEList
CVE-2010-3282: 389 Directory Server before 1 (2020-01-09)

📋 Vendor Advisories (1)

Red Hat
RHDS/389: information disclosure in audit logs (2010-11-12)

💬 Community (1)

Bugzilla
CVE-2010-3282 RHDS/389: information disclosure in audit logs (2010-08-20)