CVE-2018-10871
CVE-2018-10871 is a vulnerability of currently unknown severity. 389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext in their respective changelog files. EPSS estimates a 1.00% chance of exploitation in the next 30 days.
Description
389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files to retrieve plaintext passwords.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | < 1.3.8.5 |
| Fedoraproject | 389 Directory Server | >= 1.4.0.0, < 1.4.0.12 |
| Debian | Debian Linux | 8.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871 (Issue Tracking, Mitigation, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html (Mailing List, Third Party Advisory)
- https://pagure.io/389-ds-base/issue/49789 (Issue Tracking, Third Party Advisory)
Source: NVD / NIST
