CVE-2012-2678

CWE-3109 documents7 sources

Severity

1.2LOW

EPSS

0.2%

top 53.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Redhat Directory Server

Timeline

PublishedJul 3

Latest updateMay 17

Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/directory_server8.2+3

▶NVDfedoraproject/389_directory_server1.2.11.5+20

▶Ubuntu389-ds-base< 1.3.2.16-0ubuntu1

🔴Vulnerability Details

GHSA

GHSA-p843-jwrx-ghw2: 389 Directory Server before 1↗2022-05-17

▶

OSV

CVE-2012-2678: 389 Directory Server before 1↗2012-07-03

▶

CVEList

CVE-2012-2678: 389 Directory Server before 1↗2012-07-03

▶

📋Vendor Advisories

Red Hat

rhds/389: plaintext password disclosure flaw↗2012-06-20

▶

Debian

CVE-2012-2678: 389-ds-base - 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10...↗2012

▶

💬Community

Bugzilla

CVE-2012-2678 CVE-2012-2746 389-ds-base various flaws [fedora-all]↗2012-06-26

▶

Bugzilla

CVE-2012-2678 CVE-2012-2746 389-ds-base various flaws [epel-5]↗2012-06-26

▶

Bugzilla

CVE-2012-2678 rhds/389: plaintext password disclosure flaw↗2012-06-07

▶