Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-10871

Опубликовано: 18 июл. 2018
Источник: ubuntu
Приоритет: medium
CVSS2: 4
CVSS3: 3.8

Описание

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needed
cosmic

ignored

end of life
devel

not-affected

1.4.0.13-1
disco

not-affected

1.4.0.13-1
eoan

not-affected

1.4.0.13-1
esm-apps/bionic

needed

esm-apps/focal

not-affected

1.4.0.13-1
esm-apps/jammy

not-affected

1.4.0.13-1
esm-apps/noble

not-affected

1.4.0.13-1

Показывать по

Ссылки на источники

4 Medium

CVSS2

3.8 Low

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-10871

CVSS3: 3.8
redhat
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

nvd логотип

CVE-2018-10871

CVSS3: 3.8
nvd
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

debian логотип

CVE-2018-10871

CVSS3: 3.8
debian
больше 7 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Clear ...

github логотип

GHSA-pxxp-9p24-326h

CVSS3: 7.2
github
больше 3 лет назад

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

oracle-oval логотип

ELSA-2019-3401

oracle-oval
около 6 лет назад

ELSA-2019-3401: 389-ds:1.4 security, bug fix, and enhancement update (IMPORTANT)

4 Medium

CVSS2

3.8 Low

CVSS3

Уязвимость CVE-2018-10871