Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

See the

CVE page on Mitre.org for more details.

References

MISC: http://lists.fedorapro...
MISC: https://bugzilla.redha...
MISC: http://rhn.redhat.com/...
MISC: http://directory.fedor...
MISC: http://directory.fedor...

Launchpad.net

CVE 2014-8112

Related bugs

References