Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-10871

Опубликовано: 18 июл. 2018
Источник: nvd
CVSS3: 3.8
CVSS3: 7.2
CVSS2: 4
EPSS Низкий

Описание

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Версия до 1.3.8.5 (исключая)
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Версия от 1.4.0.0 (включая) до 1.4.0.12 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.00357
Низкий

3.8 Low

CVSS3

7.2 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-312
CWE-312

Связанные уязвимости

ubuntu логотип

CVE-2018-10871

CVSS3: 3.8
ubuntu
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

redhat логотип

CVE-2018-10871

CVSS3: 3.8
redhat
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

debian логотип

CVE-2018-10871

CVSS3: 3.8
debian
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Clear ...

github логотип

GHSA-pxxp-9p24-326h

CVSS3: 7.2
github
больше 3 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

oracle-oval логотип

ELSA-2019-3401

oracle-oval
около 6 лет назад

ELSA-2019-3401: 389-ds:1.4 security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 57%
0.00357
Низкий

3.8 Low

CVSS3

7.2 High

CVSS3

4 Medium

CVSS2

Дефекты

CWE-312
CWE-312