CVE-2012-2678
published 2012-07-03CVE-2012-2678: 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server…
low1.2CVSS 3.1
AVLACHAuNCPINAN
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | — | — |
| fedoraproject | 389_directory_server | <= 1.2.11.5 | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| fedoraproject | 389_directory_server | — | — |
| port389 | 389-ds-base | >= 0 < 1.3.2.16-0ubuntu1 | 1.3.2.16-0ubuntu1 |
| redhat | directory_server | <= 8.2 | — |
| redhat | directory_server | — | — |
CVSS provenance
nvd1.2LOWAV:L/AC:H/Au:N/C:P/I:N/A:N
osv1.2LOW