Unhashed Password Disclosure in 389 Directory Server

Unhashed Password Disclosure in 389 Directory Server

CVE-2012-2678 · LOW Severity

AV:L/AC:H/AU:N/C:P/I:N/A:N

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

Learn more about our Cis Benchmark Audit For Server Software.