SecuritySpace - CVE-2018-10871

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-10871

Description: 389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Test IDs: 1.3.6.1.4.1.25623.1.1.2.2019.2554 1.3.6.1.4.1.25623.1.0.891483 1.3.6.1.4.1.25623.1.1.2.2019.2127

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-10871
https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html
RedHat Security Advisories: RHSA-2019:3401
https://access.redhat.com/errata/RHSA-2019:3401

CVE ID:	CVE-2018-10871
Description:	389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
Test IDs:	1.3.6.1.4.1.25623.1.1.2.2019.2554 1.3.6.1.4.1.25623.1.0.891483 1.3.6.1.4.1.25623.1.1.2.2019.2127
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-10871 https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html RedHat Security Advisories: RHSA-2019:3401 https://access.redhat.com/errata/RHSA-2019:3401