CVE-2012-2746 : 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Published 2012-07-03 16:40:35

Updated 2017-09-19 01:34:59

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-2746

Redhat » Directory Server
Versions up to, including, (<=) 8.2
cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 7.1
cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 8.0
cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Directory Server » Version: 8.1
cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server
Versions up to, including, (<=) 1.2.11.5
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC7
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update RC6
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.6 Update A3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.5
cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.7.5
cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.7 Update Alpha3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update Alpha3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8 Update RC2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.9.9
cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10 Update Alpha8
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.8.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.2
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10 Update RC1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.3
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.4
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.10.7
cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7:*:*:*:*:*:*:*
Matching versions
Fedoraproject » 389 Directory Server » Version: 1.2.11.1
cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-2746

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-2746

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.1	LOW	AV:N/AC:H/Au:S/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-2746

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2746

http://rhn.redhat.com/errata/RHSA-2012-0997.html

RHSA-2012:0997 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/76595

389 Directory Server logging information disclosure CVE-2012-2746 Vulnerability Report
http://www.securityfocus.com/bid/54153

389 Directory Server Multiple Information Disclosure Vulnerabilities

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=833482

833482 – (CVE-2012-2746) CVE-2012-2746 rhds/389: plaintext password disclosure in audit log
Vendor Advisory
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083

HP Support for Technical Help and Troubleshooting | HP® Customer Service.

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241

Repository / Oval Repository
http://directory.fedoraproject.org/wiki/Release_Notes

Vendor Advisory

CVEs referencing this url
https://fedorahosted.org/389/ticket/365

Issue #365: Audit log - clear text password in user changes - 389-ds-base - Pagure.io
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1041.html

RHSA-2012:1041 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-2746

Products affected by CVE-2012-2746

Exploit prediction scoring system (EPSS) score for CVE-2012-2746

CVSS scores for CVE-2012-2746

CWE ids for CVE-2012-2746

References for CVE-2012-2746