Vulnerabilities > Redhat > Directory Server > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-09 | CVE-2010-3282 | Cleartext Storage of Sensitive Information vulnerability in multiple products 389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log. | 1.9 |
| 2012-07-03 | CVE-2012-2678 | Cryptographic Issues vulnerability in multiple products 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. | 1.2 |
| 2012-07-03 | CVE-2012-2746 | Cryptographic Issues vulnerability in multiple products 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. | 2.1 |
| 2010-08-17 | CVE-2010-2241 | Permissions, Privileges, and Access Controls vulnerability in Redhat Directory Server 8.0/8.1 The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. | 2.1 |