PT-2020-7073 · Hewlett Packard+1 · Hp-Ux Directory Server+1
Vincent Danen
·
Published
2020-01-09
·
Updated
2020-01-29
·
CVE-2010-3282
CVSS v2.0
1.9
Low
| Vector | AV:L/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
389 Directory Server versions prior to 1.2.7.1
HP-UX Directory Server versions prior to B.08.10.03
Description
The issue allows local users to obtain sensitive information by reading the log when audit logging is enabled. This occurs because the Directory Manager password (
nsslapd-rootpw) is logged in cleartext when changing cn=config:nsslapd-rootpw.Recommendations
For 389 Directory Server versions prior to 1.2.7.1, update to version 1.2.7.1 or later to resolve the issue.
For HP-UX Directory Server versions prior to B.08.10.03, update to version B.08.10.03 or later to resolve the issue.
As a temporary workaround, consider disabling audit logging until a patch is available.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
389 Directory Server
Hp-Ux Directory Server