CVE-2012-2678 : 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Published 2012-07-03 16:40:34

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-2678

Redhat » Directory Server
Versions up to, including, (<=) 8.2
cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 7.1
cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 8.0
cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 8.1
cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server
Versions up to, including, (<=) 1.2.11.5
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC7
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC6
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.7.5
cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.7 Update Alpha3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.9.9
cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10 Update Alpha8
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.7
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.11.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2678

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2678

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.2	LOW	AV:L/AC:H/Au:N/C:P/I:N/A:N	1.9	2.9	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2678

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2678

http://rhn.redhat.com/errata/RHSA-2012-0997.html

RHSA-2012:0997 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/49734

Sign in
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/54153

389 Directory Server Multiple Information Disclosure Vulnerabilities

CVEs referencing this url
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083

HP Support for Technical Help and Troubleshooting | HP® Customer Service.

CVEs referencing this url
http://directory.fedoraproject.org/wiki/Release_Notes

CVEs referencing this url
http://osvdb.org/83336
http://rhn.redhat.com/errata/RHSA-2012-1041.html

RHSA-2012:1041 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19353

Repository / Oval Repository

Jump to

Vulnerability Details : CVE-2012-2678

Products affected by CVE-2012-2678

Exploit prediction scoring system (EPSS) score for CVE-2012-2678

CVSS scores for CVE-2012-2678

CWE ids for CVE-2012-2678

References for CVE-2012-2678