CVE-2012-2746

low

Published 2012-07-03 · Modified 2026-04-29

CVSS v3

—

CVSS v2

2.1

VIR risk

2.1

Description

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://fedorahosted.org/389/ticket/365

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=833482

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/49734

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2012-1041.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2012-0997.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://directory.fedoraproject.org/wiki/Release_Notes

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2746

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0`
debian	sid	fixed	`0`
debian	bullseye	fixed	`0`
debian	trixie	fixed	`0`

Application impact

Vendor	Product	Versions
redhat	directory_server	`{"endIncluding":"8.2"}`
redhat	directory_server	`7.1`
redhat	directory_server	`8.0`
redhat	directory_server	`8.1`
fedoraproject	389_directory_server	`{"endIncluding":"1.2.11.5"}`
fedoraproject	389_directory_server	`1.2.1`
fedoraproject	389_directory_server	`1.2.2`
fedoraproject	389_directory_server	`1.2.3`
fedoraproject	389_directory_server	`1.2.5`
fedoraproject	389_directory_server	`1.2.6`
fedoraproject	389_directory_server	`1.2.6.1`
fedoraproject	389_directory_server	`1.2.7`
fedoraproject	389_directory_server	`1.2.7.5`
fedoraproject	389_directory_server	`1.2.8`
fedoraproject	389_directory_server	`1.2.8.1`
fedoraproject	389_directory_server	`1.2.8.2`
fedoraproject	389_directory_server	`1.2.8.3`
fedoraproject	389_directory_server	`1.2.9.9`
fedoraproject	389_directory_server	`1.2.10`
fedoraproject	389_directory_server	`1.2.10.1`
fedoraproject	389_directory_server	`1.2.10.2`
fedoraproject	389_directory_server	`1.2.10.3`
fedoraproject	389_directory_server	`1.2.10.4`
fedoraproject	389_directory_server	`1.2.10.7`
fedoraproject	389_directory_server	`1.2.11.1`

References

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.