DEBIAN-CVE-2018-10871

DEBIAN-CVE-2018-10871 PUBLISHED CVSS 7.199999809265137 HIGH

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Risk Scores

CVSS v3.0

7.199999809265137

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	389-ds-base	0, 0, 0
Debian:11	389-ds-base	0, 0, 0
Debian:12	389-ds-base	0, 0, 0

Timeline

Jul 18, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-10871 advisory

Open in Interactive Console →