Showing 1 - 1 of 1

CVE-2014-8112

Status Candidate

Overview

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

Related Files

Red Hat Security Advisory 2015-0416-02: Posted Mar 5, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-0416-02 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords.; tags | advisory, protocol, info disclosure; systems | linux, redhat; advisories | CVE-2014-8105, CVE-2014-8112; SHA-256 | 76eb8d2678ea35214cc2b6dc75f20467670b3bbe6c447c60435db6da9f142be7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 270 files
indoushka 155 files
Jay Turla 150 files
Ubuntu 66 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,118)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,096)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,754)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,812)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

CVE-2014-8112

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems