CVE-2012-2746

CWE-3109 documents7 sources

Severity

2.1LOW

EPSS

0.5%

top 33.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Redhat Directory Server

Timeline

PublishedJul 3

Latest updateMay 17

Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/directory_server8.2+3

▶NVDfedoraproject/389_directory_server1.2.11.5+20

▶Ubuntu389-ds-base< 1.3.2.16-0ubuntu1

🔴Vulnerability Details

GHSA

GHSA-x3v3-65v7-r727: 389 Directory Server before 1↗2022-05-17

▶

CVEList

CVE-2012-2746: 389 Directory Server before 1↗2012-07-03

▶

OSV

CVE-2012-2746: 389 Directory Server before 1↗2012-07-03

▶

📋Vendor Advisories

Red Hat

rhds/389: plaintext password disclosure in audit log↗2012-05-10

▶

Debian

CVE-2012-2746: 389-ds-base - 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10...↗2012

▶

💬Community

Bugzilla

CVE-2012-2678 CVE-2012-2746 389-ds-base various flaws [fedora-all]↗2012-06-26

▶

Bugzilla

CVE-2012-2678 CVE-2012-2746 389-ds-base various flaws [epel-5]↗2012-06-26

▶

Bugzilla

CVE-2012-2746 rhds/389: plaintext password disclosure in audit log↗2012-06-19

▶