QwikSec

Security Database

CVE

CWE

Training

CVE-2010-3282

Published: Jan 9, 2020

Modified: Aug 7, 2024

PUBLISHED

Description

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

Vendor	Product	Versions
Red Hat	389 Directory Server	affected `before 1.2.7.1`
HP	HP-UX Directory Server	affected `before B.08.10.03`

References

oval:org.mitre.oval:def:6914

vdb-entry

signature

x_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=625950

x_refsource_CONFIRM

https://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06

x_refsource_CONFIRM

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.