Cause: Enabling audit logging and performing a password change operation using the clear text password.
Consequence: The clear text password is logged in the audit log in the unhashed#user#password attribute.
Fix: Added a nsslapd-audit-logging-hide-unhashed-pw configuration attribute. If this attribute is "on", the clear text password is logged, otherwise, it is not. The default is "off" - do not log the password.
Result: By default, no clear text password is logged. User can choose to log it and take appropriate security measures.