What is the severity of CVE-2012-2746?

CVE-2012-2746 has a moderate severity level due to the risk of sensitive password information exposure.

How do I fix CVE-2012-2746?

To fix CVE-2012-2746, upgrade your version of 389 Directory Server to 1.2.11.6 or later.

What types of users are affected by CVE-2012-2746?

This vulnerability affects remote authenticated users who can access the audit logs.

What versions of 389 Directory Server are vulnerable to CVE-2012-2746?

CVE-2012-2746 affects versions prior to 1.2.11.6 of 389 Directory Server.

Can I mitigate CVE-2012-2746 without upgrading?

Mitigation without upgrading is not recommended as it involves complex configurations that may not completely eliminate the risk.

Vulnerability/
CVE-2012-2746

low

2.1

CWE

310

19/6/2012

3/7/2012

29/9/2019

CVE-2012-2746

First published: Tue Jun 19 2012(Updated: )

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/389-ds-base	<1.3.0.	1.3.0.
Red Hat Directory Server	<=8.2
Red Hat Directory Server	=7.1
Red Hat Directory Server	=8.0
Red Hat Directory Server	=8.1
Red Hat 389 Directory Server	<=1.2.11.5
Red Hat 389 Directory Server	=1.2.1
Red Hat 389 Directory Server	=1.2.2
Red Hat 389 Directory Server	=1.2.3
Red Hat 389 Directory Server	=1.2.5
Red Hat 389 Directory Server	=1.2.5-rc1
Red Hat 389 Directory Server	=1.2.5-rc2
Red Hat 389 Directory Server	=1.2.5-rc3
Red Hat 389 Directory Server	=1.2.5-rc4
Red Hat 389 Directory Server	=1.2.6
Red Hat 389 Directory Server	=1.2.6-a2
Red Hat 389 Directory Server	=1.2.6-a3
Red Hat 389 Directory Server	=1.2.6-a4
Red Hat 389 Directory Server	=1.2.6-rc1
Red Hat 389 Directory Server	=1.2.6-rc2
Red Hat 389 Directory Server	=1.2.6-rc3
Red Hat 389 Directory Server	=1.2.6-rc6
Red Hat 389 Directory Server	=1.2.6-rc7
Red Hat 389 Directory Server	=1.2.6.1
Red Hat 389 Directory Server	=1.2.7-alpha3
Red Hat 389 Directory Server	=1.2.7.5
Red Hat 389 Directory Server	=1.2.8-alpha1
Red Hat 389 Directory Server	=1.2.8-alpha2
Red Hat 389 Directory Server	=1.2.8-alpha3
Red Hat 389 Directory Server	=1.2.8-rc1
Red Hat 389 Directory Server	=1.2.8-rc2
Red Hat 389 Directory Server	=1.2.8.1
Red Hat 389 Directory Server	=1.2.8.2
Red Hat 389 Directory Server	=1.2.8.3
Red Hat 389 Directory Server	=1.2.9.9
Red Hat 389 Directory Server	=1.2.10-alpha8
Red Hat 389 Directory Server	=1.2.10-rc1
Red Hat 389 Directory Server	=1.2.10.1
Red Hat 389 Directory Server	=1.2.10.2
Red Hat 389 Directory Server	=1.2.10.3
Red Hat 389 Directory Server	=1.2.10.4
Red Hat 389 Directory Server	=1.2.10.7
Red Hat 389 Directory Server	=1.2.11.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2746?
CVE-2012-2746 has a moderate severity level due to the risk of sensitive password information exposure.
How do I fix CVE-2012-2746?
To fix CVE-2012-2746, upgrade your version of 389 Directory Server to 1.2.11.6 or later.
What types of users are affected by CVE-2012-2746?
This vulnerability affects remote authenticated users who can access the audit logs.
What versions of 389 Directory Server are vulnerable to CVE-2012-2746?
CVE-2012-2746 affects versions prior to 1.2.11.6 of 389 Directory Server.
Can I mitigate CVE-2012-2746 without upgrading?
Mitigation without upgrading is not recommended as it involves complex configurations that may not completely eliminate the risk.

collector/redhat-bugzilla
alias/CVE-2012-2746
agent/type
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/weakness
agent/description
agent/author
agent/references
agent/event
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/redhat
canonical/red hat directory server
version/red hat directory server/8.2
version/red hat directory server/7.1
version/red hat directory server/8.0
version/red hat directory server/8.1
vendor/fedoraproject
canonical/red hat 389 directory server
version/red hat 389 directory server/1.2.11.5
version/red hat 389 directory server/1.2.1
version/red hat 389 directory server/1.2.2
version/red hat 389 directory server/1.2.3
version/red hat 389 directory server/1.2.5
version/red hat 389 directory server/1.2.5-rc1
version/red hat 389 directory server/1.2.5-rc2
version/red hat 389 directory server/1.2.5-rc3
version/red hat 389 directory server/1.2.5-rc4
version/red hat 389 directory server/1.2.6
version/red hat 389 directory server/1.2.6-a2
version/red hat 389 directory server/1.2.6-a3
version/red hat 389 directory server/1.2.6-a4
version/red hat 389 directory server/1.2.6-rc1
version/red hat 389 directory server/1.2.6-rc2
version/red hat 389 directory server/1.2.6-rc3
version/red hat 389 directory server/1.2.6-rc6
version/red hat 389 directory server/1.2.6-rc7
version/red hat 389 directory server/1.2.6.1
version/red hat 389 directory server/1.2.7-alpha3
version/red hat 389 directory server/1.2.7.5
version/red hat 389 directory server/1.2.8-alpha1
version/red hat 389 directory server/1.2.8-alpha2
version/red hat 389 directory server/1.2.8-alpha3
version/red hat 389 directory server/1.2.8-rc1
version/red hat 389 directory server/1.2.8-rc2
version/red hat 389 directory server/1.2.8.1
version/red hat 389 directory server/1.2.8.2
version/red hat 389 directory server/1.2.8.3
version/red hat 389 directory server/1.2.9.9
version/red hat 389 directory server/1.2.10-alpha8
version/red hat 389 directory server/1.2.10-rc1
version/red hat 389 directory server/1.2.10.1
version/red hat 389 directory server/1.2.10.2
version/red hat 389 directory server/1.2.10.3
version/red hat 389 directory server/1.2.10.4
version/red hat 389 directory server/1.2.10.7
version/red hat 389 directory server/1.2.11.1