CVE-2010-3282
N/A
N/A
Summary
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | 389 Directory Server | before 1.2.7.1 | affected |
| HP | HP-UX Directory Server | before B.08.10.03 | affected |
Weaknesses
- Path Disclosure
ADP Enrichment
CVE Program Container
Additional References
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914
- https://bugzilla.redhat.com/show_bug.cgi?id=625950
- https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US
References
- http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914
- https://bugzilla.redhat.com/show_bug.cgi?id=625950
- https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.