fedoraproject 389-directory-server CVE-2018-10871 in Fedora Project and Debian Products
Published on July 18, 2018

product logo product logo
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Vendor Advisory NVD

Weakness Type

Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.


Products Associated with CVE-2018-10871

stack.watch emails you whenever new vulnerabilities are published in Fedora Project 389 Directory Server or Debian Linux. Just hit a watch button to start following.

Fedora Project 389 Directory Server
 
Debian Linux
 

Affected Versions

[UNKNOWN] 389-ds-base:

Exploit Probability

EPSS
0.36%
Percentile
57.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.