CVE-2018-10871 Information

Description

389-ds-base before versions 1.3.8.5 and 1.4.0.12 is vulnerable to Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files to retrieve plaintext passwords.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/errata/RHSA-2019:3401
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871
https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html
https://pagure.io/389-ds-base/issue/49789

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.2

Base Severity

HIGH
