Home > Vulnerability Database > CVE-2018-10871

Mend.io Vulnerability Database

CVE-2018-10871

Date: July 18, 2018

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Severity Score

7.2

Related Resources (9)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871

Url: https://access.redhat.com/errata/RHSA-2019:3401

Url: https://security-tracker.debian.org/tracker/CVE-2018-10871

Url: https://pagure.io/389-ds-base/issue/49789

Url: https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10871

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-10871

Url: https://access.redhat.com/security/cve/CVE-2018-10871

Url: https://www.mend.io/vulnerability-database/CVE-2018-10871

Severity Score

7.2

Weakness Type (CWE)

Cleartext Storage of Sensitive Information

CWE-312

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-10871

Date: July 18, 2018

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?