LDAP Credential Storage Vulnerability in IBM Scale Out Network Attached Storage
CVE-2012-0706

Currently unrated

Key Information:

Vendor: IBM
Status: Scale Out Network Attached Storage
Vendor: CVE Published:; 7 April 2013

Summary

IBM Scale Out Network Attached Storage (SONAS) versions prior to 1.3.2.3 are susceptible to a vulnerability where LDAP credentials are stored in cleartext. This design flaw does not advise the use of a less privileged LDAP account, potentially enabling attackers with root access on a client machine to retrieve sensitive information from the server. Proper measures to secure authentication data in storage are crucial to prevent unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/73309

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004292

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 7, 2013
Vulnerability Reserved
Jan 17, 2012