CVE-2018-10871

Published: Jul 18, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

3.8

LOW

Description

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Vendor	Product	Versions
[UNKNOWN]	389-ds-base	affected `389-ds-base 1.3.8.5` affected `389-ds-base 1.4.0.12`

Weaknesses (CWE)

CWE-312

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871

x_refsource_CONFIRM

https://pagure.io/389-ds-base/issue/49789

x_refsource_CONFIRM

[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update

mailing-list

x_refsource_MLIST

RHSA-2019:3401

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-10871

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References