CVE-2010-3282

3.3LOW

Key Information:

Vendor: Red Hat
Status: 389 Directory Server; HP-ux Directory Server
Vendor: CVE Published:; 9 January 2020

Summary

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

Affected Version(s)

389 Directory Server before 1.2.7.1

HP-UX Directory Server before B.08.10.03

References

http://oval.mitre.org/repository/data/getDef?id=oval:org....

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=625950

x_refsource_CONFIRM

https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Sep 13, 2010

.