CVE-2019-10224 — Insufficiently Protected Credentials in 389 Directory Server
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 83.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 25
Latest updateMay 24
Description
A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
3Bugzilla▶
CVE-2019-10158 infinispan: Session fixation protection broken for Spring Session integration↗2019-05-27
Bugzilla▶
CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure↗2019-02-14
Bugzilla▶
CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure [rhel-8]↗2018-11-27