CVE-2014-8112
Vulnerability from cvelistv5
Published
2015-03-10 14:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-03T13:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172729"
},
{
"name": "RHSA-2015:0416",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0416.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html"
},
{
"name": "FEDORA-2015-3368",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8112",
"datePublished": "2015-03-10T14:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-8112\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-03-10T14:59:01.600\",\"lastModified\":\"2024-11-21T02:18:34.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \\\"unhashed\\\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.\"},{\"lang\":\"es\",\"value\":\"389 Directory Server 1.3.1.x, 1.3.2.x anterior a 1.3.2.27, y 1.3.3.x anterior a 1.3.3.9 almacena contrase\u00f1as sin estar en hash incluso cuando la opci\u00f3n nsslapd-unhashed-pw-switch est\u00e1 configurado como apagado (off), lo que permite a usuarios remotosw autenticados obtener informaci\u00f3n sensible mediante la lectura del registro de cambios (Changelog).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BD1442-A488-40AF-B012-02C494F890EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC09ED4F-BD6F-4E4F-A3E9-3CB1F786C28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6E9579-5C2A-4DDB-BC89-9C2F9D3E57A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"636CF78E-C1D5-4E19-8447-243938482B0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"208B3899-8FCD-4BDC-A1B7-DB5EBCBD24DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD54252-424A-4E03-BA8C-F68DF1B69387\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFFBA09-8B02-4AF2-96F8-61051B9AE5BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81016A2A-EC20-43AF-A8D7-0F00CB86AA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97AA7912-CEB0-4D97-A969-6C96F2277A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6423AE4-A4D1-4D5F-BE68-1314C729A699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E52074-5F34-4AC4-8AA2-75DD5788E02E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0512AB8C-B987-43E6-A88D-B2FA32107C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"915D2B3E-011D-4EB4-B681-F3D4D750B81B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CADECEB-330D-4E1B-A55D-77EAA3C4E618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42DAE37-0208-4933-8AA1-4E020E2098ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B23F21B-AD72-46E5-913F-94041DEF797D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99672B7-7C21-46DD-AD56-1AF181BB667A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CB17B0-5EA1-4D48-998C-63398E125746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B081EEB-FA22-4AF1-8C17-A1093093B936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E170B73A-80F5-4E26-AD41-12FABD79439E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB3C4A80-1F0F-4286-B48F-4964AAF618AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDF5D990-E925-4662-A119-09A1B4679A8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E42EE75-317F-46AE-9A91-1868F6EA2B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9803DD63-02DA-42DB-B06D-93C3CA1C2DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F794D2-B5BB-4CC0-B4DC-AE40C66629D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20ABC05B-4D65-41E6-BB53-848CE39616D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4D999F0-9541-44AA-A6AC-0AA157C8363B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FEB623B-9405-4DE2-9C68-446445AA8283\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B6E0D3-D9C7-46E6-B7AD-FBB69CF16B65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7438F4E9-31E2-4719-81BB-046C0A51F63A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"423936CB-530E-469E-B94F-253262B53B00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC5ED2C-6A0D-4848-8F68-3F4519C78EC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"517C24AC-436E-456F-A425-2CF8EE079F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D1CC183-135E-4546-A28C-67AA775CECD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041A4EB5-8F0F-4CDF-BAEC-405539BE6901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90850EA2-9F98-44D5-BE29-217978286AE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F841EEC9-3EB4-46F0-9092-10813C8874A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CA8E677-71A6-499C-9CD7-9C90744DC811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EE57EB-D603-40A5-84F5-BEA703D8A0EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6E18AB1-FE95-49F2-A354-F24C4569634C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D4A1FC-53B7-493F-9D9C-B1DA6231A3E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1AE563B-59ED-40F4-B2FF-CDE6EFA5087B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:1.3.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"220041CC-C46F-4D0E-B231-0645621A7E66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]}],\"references\":[{\"url\":\"http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0416.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1172729\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0416.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1172729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.