Cleartext Password Logging Vulnerability in 389 Directory Server and HP-UX Directory Server
CVE-2010-3282
3.3 LOW
Summary
Certain versions of 389 Directory Server and HP-UX Directory Server write the Directory Manager password to the logs in cleartext when audit logging is active. Local users can obtain the password by reading the logs, which compromises sensitive information and undermines the integrity of the server configuration. Administrators should disable audit logging or implement mitigations that prevent unauthorized access to log files that could expose this data.
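The following audit check is an added example, not code from the vendors or from this advisory. It assumes the password appears in an LDIF-style audit log as an `nsslapd-rootpw` value, which this page does not state; the function names and the sample log are constructed for illustration.

```python
import base64
import os
import re
import stat

# Constructed audit log excerpt in LDIF change format (not real data).
SAMPLE_AUDIT_LOG = """\
time: 20100901120000
dn: cn=config
changetype: modify
replace: nsslapd-rootpw
nsslapd-rootpw: ExamplePlaintext123
-

time: 20100901130000
dn: cn=config
changetype: modify
replace: nsslapd-rootpw
nsslapd-rootpw: {SSHA}Q09OU1RSVUNURURfUExBQ0VIT0xERVI=
-
"""

# Hashed values are stored with a leading storage-scheme tag such as {SSHA}.
SCHEME_TAG = re.compile(r"^\{[A-Za-z0-9_-]+\}")


def find_cleartext_rootpw(log_text):
    """Return 1-based line numbers whose nsslapd-rootpw value has no scheme tag."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "nsslapd-rootpw":
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded LDIF value
            try:
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                value = ""
        value = value.strip()
        if value and not SCHEME_TAG.match(value):
            hits.append(lineno)  # report the location only, never the value
    return hits


def log_exposed_to_local_users(path):
    """True if group or other has read permission on the log file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))
```

Any line number returned means the Directory Manager password should be rotated after the log is secured or purged, since the old value has already been written to disk.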
Affected Version(s)
389 Directory Server before 1.2.7.1
HP-UX Directory Server before B.08.10.03
CVSS V3.1
Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved