Directory Server Vulnerability in 389 Directory Server by Red Hat
CVE-2014-8112

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: 389 Directory Server
Vendor: CVE Published:; 10 March 2015

Summary

The 389 Directory Server contains a vulnerability that leads to the storage of unhashed passwords, despite the nsslapd-unhashed-pw-switch option being disabled. This issue allows remote authenticated users to potentially gain access to sensitive information by reading the Changelog, compromising the security integrity of the system.

References

http://directory.fedoraproject.org/docs/389ds/releases/re...

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1172729

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-0416.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Mar 10, 2015
Vulnerability Reserved
Oct 10, 2014