Cleartext Password Logging Vulnerability in 389 Directory Server and HP-UX Directory Server
CVE-2010-3282

3.3LOW

Key Information:

Vendor: Red Hat
Status: 389 Directory Server; HP-ux Directory Server
Vendor: CVE Published:; 9 January 2020

What is CVE-2010-3282?

Certain versions of 389 Directory Server and HP-UX Directory Server store the Directory Manager password in cleartext when audit logging is active. This poses a significant risk as local users can potentially access the password by reading the logs, compromising sensitive information and undermining the integrity of the server configuration. It is crucial for administrators to disable audit logging or implement mitigations to prevent unauthorized access to log files that could expose such sensitive data.

Affected Version(s)

389 Directory Server before 1.2.7.1

HP-UX Directory Server before B.08.10.03

References

http://oval.mitre.org/repository/data/getDef?id=oval:org....

vdb-entrysignaturex_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=625950

x_refsource_CONFIRM

https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2020
Vulnerability Reserved
Sep 13, 2010

Red Hat

What is CVE-2010-3282?

Affected Version(s)

References

CVSS V3.1

Timeline