Plaintext Password Vulnerability in Netscape Certificate Management System and Directory Server
CVE-2000-1076

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Certificate Management System; Directory Server
Vendor: CVE Published:; 11 December 2000

What is CVE-2000-1076?

The Netscape Certificate Management System version 4.2 and Directory Server version 4.12 have a significant vulnerability where administrative passwords are stored in plaintext. This design flaw compromises security, allowing local and potentially remote attackers to access sensitive information and gain administrative privileges on the server. Organizations using these products should take immediate action to mitigate this risk by implementing secure password storage practices and considering upgrades to more secure systems.

References

http://archives.neohapsis.com/archives/bugtraq/2000-10/03...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/5422

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 11, 2000
Vulnerability Reserved
Nov 29, 2000

Oracle

What is CVE-2000-1076?

References

Timeline