CVE-2012-2746

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

• CWE-310

• http://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
• http://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
• http://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
• http://secunia.com/advisories/49734Vendor Advisory
• http://www.osvdb.org/83329
• http://www.securityfocus.com/bid/54153
• https://bugzilla.redhat.com/show_bug.cgi?id=833482Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
• https://fedorahosted.org/389/ticket/365Vendor Advisory
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241
• http://directory.fedoraproject.org/wiki/Release_NotesVendor Advisory
• http://rhn.redhat.com/errata/RHSA-2012-0997.htmlVendor Advisory
• http://rhn.redhat.com/errata/RHSA-2012-1041.htmlVendor Advisory
• http://secunia.com/advisories/49734Vendor Advisory
• http://www.osvdb.org/83329
• http://www.securityfocus.com/bid/54153
• https://bugzilla.redhat.com/show_bug.cgi?id=833482Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/76595
• https://fedorahosted.org/389/ticket/365Vendor Advisory
• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241

Published

Jul 3, 2012

Last Modified

Jun 16, 2026

Status

Modified