CVE-2012-2746

Published: 03 July 2012

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Priority

Medium

Status

Package Release Status
389-ds-base
Launchpad, Ubuntu, Debian
Upstream
Released (1.3.0.2)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(1.3.2.16-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [1.3.2.16-0ubuntu1])