PT-2012-1068 · Red Hat · Red Hat Directory Server

Albertocrj · Published 2012-06-20 · Updated 2017-09-19 · CVE-2012-2746

CVSS v2.0: 2.1 (Low)
Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

389 Directory Server versions prior to 1.2.11.6
Red Hat Directory Server versions prior to 8.2.10-3
389-ds-base version 1.2.10.2
389-ds-base-debuginfo version 1.2.10.2
389-ds-base-libs version 1.2.10.2
389-ds-base-devel version 1.2.10.2
Description

The issue allows remote authenticated users to read passwords in plain text when audit logging is enabled and an LDAP user's password has been changed. Exploitation can lead to a breach of protected information. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents in which this issue was exploited.
Recommendations

For 389 Directory Server versions prior to 1.2.11.6, update to version 1.2.11.6 or later.
For Red Hat Directory Server versions prior to 8.2.10-3, update to version 8.2.10-3 or later.
For 389-ds-base, 389-ds-base-debuginfo, 389-ds-base-libs, and 389-ds-base-devel version 1.2.10.2, update to a version later than 1.2.10.2.
As a temporary workaround, consider disabling audit logging for LDAP user password changes until a patch is available.
Restrict access to the affected server to minimize the risk of exploitation.
Avoid using plain-text passwords in the affected API endpoints until the issue is resolved.
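The description above says the weakness is a password value landing in the audit log in clear text after a password change. A defender who has had audit logging enabled on an affected build will want to know whether that actually happened before the upgrade. The scanner below is an added example written for this record, not code from Red Hat or the 389 Directory Server project: it walks an LDIF-style audit log, looks at password attributes in modify records, and reports any DN whose stored value lacks a hash-scheme prefix such as {SSHA}. The log layout (LDIF change records separated by blank lines), the attribute list, and the sample log are all assumptions constructed for the example.

```python
"""Scan an LDIF-style directory audit log for password values written in clear text.

Added example for the CVE-2012-2746 record; not code from Red Hat or the
389 Directory Server project. The audit log layout (LDIF change records with
'dn:', 'changetype:' and 'replace:' lines, records separated by blank lines)
is a simplified ASSUMPTION, and SAMPLE_AUDIT_LOG is constructed test data.
"""
import base64
import re

# Attribute names whose values should never appear unhashed in an audit log.
# Which attributes a real deployment logs is an assumption for this example.
PASSWORD_ATTRS = {"userpassword", "unhashed#user#password"}

# A stored password value is acceptable only when it carries a hash-scheme
# prefix such as {SSHA}, {SSHA512} or {PBKDF2_SHA256}.
HASHED_VALUE = re.compile(r"^\{[A-Za-z0-9_\-]+\}.+")

# Constructed sample: one record leaks the clear-text value through a second
# attribute, one is clean, one stores the password itself unhashed.
SAMPLE_AUDIT_LOG = """\
time: 20120620101500
dn: uid=alice,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}c2FsdHNhbHRzYWx0aGFzaGhhc2hoYXNo
-
replace: unhashed#user#password
unhashed#user#password: CorrectHorse
-

time: 20120620101730
dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA512}YW5vdGhlcmhhc2g=
-

time: 20120620101800
dn: uid=carol,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: plaintext-secret
-
"""


def split_records(text):
    """Yield (dn, [(attr, value), ...]) for each blank-line separated change record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        dn = None
        attrs = []
        for line in block.splitlines():
            if line == "-" or ":" not in line:
                continue
            name, _, value = line.partition(":")
            name, value = name.strip(), value.strip()
            if value.startswith(":"):
                # LDIF base64 form 'attr:: <b64>': decode before inspecting it.
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            if name.lower() == "dn":
                dn = value
            else:
                attrs.append((name, value))
        yield dn, attrs


def find_cleartext_passwords(text):
    """Return [(dn, attribute)] for every password attribute whose value is not hashed.

    Findings carry the DN and attribute name only; the leaked value is
    deliberately not returned, so the scanner does not copy secrets around.
    """
    findings = []
    for dn, attrs in split_records(text):
        for name, value in attrs:
            if name.lower() in PASSWORD_ATTRS and not HASHED_VALUE.match(value):
                findings.append((dn, name))
    return findings


if __name__ == "__main__":
    for dn, attr in find_cleartext_passwords(SAMPLE_AUDIT_LOG):
        print(f"clear-text password value logged for {dn} in attribute {attr}")
```

Run it against a copy of the real audit log to get the list of accounts whose password changes were recorded in the clear; those are the accounts to rotate after patching, and the log file itself should be treated as sensitive until it is purged. The scanner only ever reports DN and attribute, never the value, so its own output can be shared with an incident ticket.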


Weakness Enumeration

Related identifiers

BDU:2015-06132
BDU:2015-06133
BDU:2015-06134
BDU:2015-06135
BDU:2015-08859
BDU:2015-08860
BDU:2015-08861
BDU:2015-08862
CESA-2012_0997
CVE-2012-2746
HPSBUX02881
RHSA-2012:0997
RHSA-2012:1041
RHSA-2012_0997

Affected products

389 Directory Server
389-Ds-Base
389-Ds-Base-Debuginfo
389-Ds-Base-Devel
389-Ds-Base-Libs
Centos
Hp-Ux
Red Hat
Red Hat Directory Server