Upstream information
Description
389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having low severity.
National Vulnerability Database | |
---|---|
Base Score | 4 |
Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | Single |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | None |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Module for Server Applications 15 SP2 |
| |
SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 |
| |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA 389-ds |