CVE-2018-10871 LOW

Vendor [Unknown]
Product 389-ds-base
Weakness CWE-312 · Cleartext storage
Published July 18, 2018
Last update August 5, 2024

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to cleartext storage of sensitive information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files to retrieve plaintext passwords.

Key dates

02 Disclosure timeline

July 18, 2018 CVE published
August 5, 2024 Record updated