Candidate: CVE-2014-8112
PublicDate: 2015-03-10 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8112
Description:
 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before
 1.3.3.9 stores "unhashed" passwords even when the
 nsslapd-unhashed-pw-switch option is set to off, which allows remote
 authenticated users to obtain sensitive information by reading the
 Changelog.
Ubuntu-Description:
Notes:
 tyhicks> Versions 1.3.1 and later
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779909
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8112
Priority: low
Discovered-by: Ludwig Krispenz
Assigned-to:
CVSS: 

Patches_389-ds-base:
 other: https://pagure.io/389-ds-base/c/84b8bfd7d18a0613920dce36f1d3775d75e45a3e
upstream_389-ds-base: released (1.3.3.5-4)
lucid_389-ds-base: DNE
precise_389-ds-base: not-affected (1.2.10.4-0ubuntu3.1)
precise/esm_389-ds-base: DNE (precise was not-affected [1.2.10.4-0ubuntu3.1])
trusty_389-ds-base: ignored (reached end-of-life)
trusty/esm_389-ds-base: DNE (trusty was needed)
utopic_389-ds-base: ignored (reached end-of-life)
vivid_389-ds-base: ignored (reached end-of-life)
vivid/stable-phone-overlay_389-ds-base: DNE
vivid/ubuntu-core_389-ds-base: DNE
wily_389-ds-base: ignored (reached end-of-life)
xenial_389-ds-base: not-affected
yakkety_389-ds-base: not-affected
zesty_389-ds-base: not-affected
artful_389-ds-base: not-affected
bionic_389-ds-base: not-affected
cosmic_389-ds-base: not-affected
disco_389-ds-base: not-affected
devel_389-ds-base: not-affected