Vulnerability CVE-2018-10871


Published: 2018-07-18

Description:
389-ds-base versions before 1.3.8.5 and 1.4.0.12 are vulnerable to Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files to retrieve plaintext passwords.

Type: CWE-200 (Information Exposure)

Vendor: Debian
Product: Debian linux
Version: 8.0

Vendor: Fedoraproject
Product: 389 directory server
Version:
1.4.0.9
1.4.0.8
1.4.0.7
1.4.0.6
1.4.0.5
1.4.0.4
1.4.0.3
1.4.0.2
1.4.0.1
1.4.0.0
1.3.8.2
1.3.8.1
1.3.7.9
1.3.7.8
1.3.7.7
1.3.7.6
1.3.7.5
1.3.7.4
1.3.7.3
1.3.7.2
1.3.7.10
1.3.7.1
1.3.6.9
1.3.6.8
1.3.6.7
1.3.6.6
1.3.6.5
1.3.6.4
1.3.6.3
1.3.6.2
1.3.6.15
1.3.6.14
1.3.6.13
1.3.6.12
1.3.6.11
1.3.6.10
1.3.6.1
1.3.6.0
1.3.5.4
1.3.5.3
1.3.5.2
1.3.5.19
1.3.5.18
1.3.5.17
1.3.5.16
1.3.5.15
1.3.5.14
1.3.5.13
1.3.4.9
1.3.4.8
1.3.4.5
1.3.4.4
1.3.4.14
1.3.4.1
1.3.4.0
1.3.3.9
1.3.3.8
1.3.3.5
1.3.3.3
1.3.3.2
1.3.3.14
1.3.3.13
1.3.3.12
1.3.3.11
1.3.3.10
1.3.3.0
1.3.2.9
1.3.2.8
1.3.2.7
1.3.2.6
1.3.2.5
1.3.2.4
1.3.2.3
1.3.2.27
1.3.2.26
1.3.2.24
1.3.2.23
1.3.2.22
1.3.2.2
1.3.2.19
1.3.2.16
1.3.2.13
1.3.2.11
1.3.2.10
1.3.1.9
1.3.1.8
1.3.1.7
1.3.1.6
1.3.1.5
1.3.1.4
1.3.1.3
1.3.1.22
1.3.1.2
1.3.1.19
1.3.1.18
1.3.1.17
1.3.1.16
1.3.1.15
1.3.1.14
See more versions on NVD

CVSS2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871
https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html
https://pagure.io/389-ds-base/issue/49789


Copyright 2019, cxsecurity.com

 
