PT-2019-11642 · Red Hat+3 · 389-Ds-Base+4

Publicado

2019-09-05

Atualizado

2023-04-24

CVE-2019-10224

CVSS v3.1

4.6

Média

Vetor

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.4.x.x before 1.4.1.3

Description: A flaw has been found in the software. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.

Recommendations: For versions 1.4.x.x before 1.4.1.3, update to version 1.4.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of verbose mode when executing the dscreate and dsconf commands until a patch is available.

Correção

Insufficiently Protected Credentials

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-200

Identificadores relacionados

ALT-PU-2019-2649

ALT-PU-2019-3188

CESA-2019_3401

CVE-2019-10224

DLA-3399-1

RHSA-2019:3401

RHSA-2019_3401

Produtos afetados

389-Ds-Base

Alt Linux

Astra Linux

Centos

Red Hat

PT-2019-11642 · Red Hat+3 · 389-Ds-Base+4

CVE-2019-10224

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14