Fedoraproject: >> 389 Directory Server >> 1.3.1.13 Security Vulnerabilities
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.
CVSS Score
4.0
EPSS Score
0.003
Published
2015-03-10
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2015-03-10
Page 2