CVE-2012-2678

Published: 03 July 2012

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Priority

Medium

Status

Package Release Status
389-ds-base
Launchpad, Ubuntu, Debian
Upstream
Released (1.2.11.6)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.3.2.16-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.3.2.16-0ubuntu1])