PT-2019-11642 · Red Hat · 389-Ds-Base

Published: 2019-09-05 · Updated: 2023-04-24 · CVE-2019-10224

CVSS v3.1: 4.6 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.4.x.x before 1.4.1.3
Description: A flaw has been found in the software. When executed in verbose mode, the dscreate and dsconf commands may display sensitive information, such as the Directory Manager password. An attacker, able to see the screen or record the terminal standard error output, could use this flaw to gain sensitive information.
Recommendations: For versions 1.4.x.x before 1.4.1.3, update to version 1.4.1.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of verbose mode when executing the dscreate and dsconf commands until a patch is available.

Fix

Insufficiently Protected Credentials

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2649
ALT-PU-2019-3188
CESA-2019_3401
CVE-2019-10224
DLA-3399-1
RHSA-2019:3401
RHSA-2019_3401

Affected Products

389-Ds-Base
Alt Linux
Astra Linux
CentOS
Red Hat