CVE-2012-2746 - Droughty Dotterel

Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3) when the password of a LDAP user has been changed and audit logging is enabled saves the new password to the log in plain text which allows remote authenticated users to read the password.

Reference

http://rhn.redhat.com/errata/RHSA-2012-1041.html http://www.osvdb.org/83329 http://directory.fedoraproject.org/wiki/Release_Notes http://rhn.redhat.com/errata/RHSA-2012-0997.html http://www.securityfocus.com/bid/54153 https://bugzilla.redhat.com/show_bug.cgi?id=833482 https://fedorahosted.org/389/ticket/365 http://secunia.com/advisories/49734 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083 https://exchange.xforce.ibmcloud.com/vulnerabilities/76595 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241