Bug 1172729 (CVE-2014-8112)
| Field | Value |
|---|---|
| Summary | CVE-2014-8112 389-ds-base: password hashing bypassed when "nsslapd-unhashed-pw-switch" is set to off |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Vasyl Kaigorodov <vkaigoro> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | low |
| Priority | low |
| Version | unspecified |
| CC | jrusnack, nhosoi, nkinder, rmeggins, security-response-team |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Doc Text | It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to "off", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information. |
| Last Closed | 2015-03-05 20:11:17 UTC |
| Bug Depends On | 1172730, 1172731, 1199675 |
| Bug Blocks | 1168154 |

Description
Vasyl Kaigorodov
2014-12-10 15:54:44 UTC
Acknowledgement: This issue was discovered by Ludwig Krispenz of the Red Hat Identity Management Engineering Team.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:0416 https://rhn.redhat.com/errata/RHSA-2015-0416.html

Created 389-ds-base tracking bugs for this issue:

Affects: fedora-all [bug 1199675]