CVE-2010-3282

Description

389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.

Affected products

• HP / HP-UX Directory Serverbefore B.08.10.03 – before B.08.10.03
• Red Hat / 389 Directory Serverbefore 1.2.7.1 – before 1.2.7.1

References

• MISChttp://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6914
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=625950
• MISChttps://git.fedorahosted.org/cgit/389/ds.git/commit/?id=d38ae06
• MISChttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02522633&docLocale=en_US