ID CVE-2012-2678
Summary 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
References
Vulnerable Configurations
  • Red Hat Directory Server 8.1
    cpe:2.3:a:redhat:directory_server:8.1
  • Red Hat Directory Server 8.0
    cpe:2.3:a:redhat:directory_server:8.0
  • Red Hat Directory Server 7.1
    cpe:2.3:a:redhat:directory_server:7.1
  • Red Hat Directory Server 8.2
    cpe:2.3:a:redhat:directory_server:8.2
  • Fedora Project 389 Directory Server 1.2.7 Alpha 3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.7:alpha3
  • Fedora Project 389 Directory Server 1.2.6
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6
  • Fedora Project 389 Directory Server 1.2.6 Release Candidate 6
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc6
  • Fedora Project 389 Directory Server 1.2.6 Release Candidate 3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc3
  • Fedora Project 389 Directory Server 1.2.6.1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6.1
  • Fedora Project 389 Directory Server 1.2.6 Release Candidate 7
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc7
  • Fedora Project 389 Directory Server 1.2.6 a4
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a4
  • Fedora Project 389 Directory Server 1.2.6 a3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a3
  • Fedora Project 389 Directory Server 1.2.6 Release Candidate 2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc2
  • Fedora Project 389 Directory Server 1.2.6 Release Candidate 1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:rc1
  • Fedora Project 389 Directory Server 1.2.5 Release Candidate 4
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc4
  • Fedora Project 389 Directory Server 1.2.5 Release Candidate 3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc3
  • Fedora Project 389 Directory Server 1.2.6 a2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.6:a2
  • Fedora Project 389 Directory Server 1.2.5
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.5
  • Fedora Project 389 Directory Server 1.2.2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.2
  • Fedora Project 389 Directory Server 1.2.3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.3
  • Fedora Project 389 Directory Server 1.2.5 Release Candidate 1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc1
  • Fedora Project 389 Directory Server 1.2.5 Release Candidate 2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.5:rc2
  • Fedora Project 389 Directory Server 1.2.8 Alpha 1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha1
  • Fedora Project 389 Directory Server 1.2.7.5
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.7.5
  • Fedora Project 389 Directory Server 1.2.1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.1
  • Fedora Project 389 Directory Server 1.2.8 Release Candidate 1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc1
  • Fedora Project 389 Directory Server 1.2.8 Alpha 2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha2
  • Fedora Project 389 Directory Server 1.2.8 Alpha 3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:alpha3
  • Fedora Project 389 Directory Server 1.2.8.1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.1
  • Fedora Project 389 Directory Server 1.2.8 Release Candidate 2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8:rc2
  • Fedora Project 389 Directory Server 1.2.8.2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.2
  • Fedora Project 389 Directory Server 1.2.8.3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.8.3
  • Fedora Project 389 Directory Server 1.2.9.9
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.9.9
  • Fedora Project 389 Directory Server 1.2.10 alpha8
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:alpha8
  • Fedora Project 389 Directory Server 1.2.10 release candidate 1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10:rc1
  • cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.1
  • Fedora Project 389 Directory Server 1.2.10.2
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.2
  • Fedora Project 389 Directory Server 1.2.10.3
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.3
  • Fedora Project 389 Directory Server 1.2.10.4
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.4
  • cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.10.7
  • Fedora Project 389 Directory Server 1.2.11.1
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1
  • Fedora Project 389 Directory Server 1.2.11.5
    cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5
CVSS
Base: 1.2 (as of 03-07-2012 - 14:40)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1041.NASL
    description Updated redhat-ds-base packages that fix two security issues are now available for Red Hat Directory Server 8. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the 'unhashed#user#password' attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, 'nsslapd-auditlog-logging-hide-unhashed-pw', which when set to 'on' (the default option), prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in '/etc/dirsrv/ slapd-[ID]/dse.ldif'. (CVE-2012-2746) All users of Red Hat Directory Server 8 are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the dirsrv service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78926
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78926
    title RHEL 5 : redhat-ds-base (RHSA-2012:1041)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0997.NASL
    description From Red Hat Security Advisory 2012:0997 : Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the 'unhashed#user#password' attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, 'nsslapd-auditlog-logging-hide-unhashed-pw', which when set to 'on' (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in '/etc/dirsrv/slapd-[ID]/dse.ldif'. (CVE-2012-2746) All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68565
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68565
    title Oracle Linux 6 : 389-ds-base (ELSA-2012-0997)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0997.NASL
    description Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the 'unhashed#user#password' attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, 'nsslapd-auditlog-logging-hide-unhashed-pw', which when set to 'on' (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in '/etc/dirsrv/slapd-[ID]/dse.ldif'. (CVE-2012-2746) All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59936
    published 2012-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59936
    title CentOS 6 : 389-ds-base (CESA-2012:0997)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120620_389_DS_BASE_ON_SL6_X.NASL
    description The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the 'unhashed#user#password' attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, 'nsslapd-auditlog-logging-hide-unhashed-pw', which when set to 'on' (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in '/etc/dirsrv/slapd-[ID]/dse.ldif'. (CVE-2012-2746) All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61334
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61334
    title Scientific Linux Security Update : 389-ds-base on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0997.NASL
    description Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their password, and the directory server has not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the 'unhashed#user#password' attribute. (CVE-2012-2678) It was found that when the password for an LDAP user was changed, and audit logging was enabled (it is disabled by default), the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, 'nsslapd-auditlog-logging-hide-unhashed-pw', which when set to 'on' (the default option), prevents 389 Directory Server from writing plain text passwords to the audit log. This option can be configured in '/etc/dirsrv/slapd-[ID]/dse.ldif'. (CVE-2012-2746) All users of 389-ds-base are advised to upgrade to these updated packages, which resolve these issues. After installing this update, the 389 server service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59636
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59636
    title RHEL 6 : 389-ds-base (RHSA-2012:0997)
oval via4
accepted 2015-04-20T04:01:10.291-04:00
class vulnerability
contributors
  • name Ganesh Manal
    organization Hewlett-Packard
  • name Prashant Kumar
    organization Hewlett-Packard
  • name Mike Cokus
    organization The MITRE Corporation
description 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
family unix
id oval:org.mitre.oval:def:19353
status accepted
submitted 2013-11-22T11:43:28.000-05:00
title HP-UX Directory Server, Remote Disclosure of Information
version 42
redhat via4
advisories
  • rhsa
    id RHSA-2012:0997
  • rhsa
    id RHSA-2012:1041
rpms
  • 389-ds-base-0:1.2.10.2-18.el6_3
  • 389-ds-base-devel-0:1.2.10.2-18.el6_3
  • 389-ds-base-libs-0:1.2.10.2-18.el6_3
refmap via4
bid 54153
confirm http://directory.fedoraproject.org/wiki/Release_Notes
hp
  • HPSBUX02881
  • SSRT101189
osvdb 83336
secunia 49734
Last major update 05-12-2013 - 00:14
Published 03-07-2012 - 12:40
Last modified 18-09-2017 - 21:34
Back to Top