CVE-2012-2746

Name	CVE-2012-2746
Description	389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
389-ds-base (PTS)	jessie, jessie (lts)	1.3.3.5-4+deb8u7	fixed
	stretch	1.3.5.17-2	fixed
	buster (security), buster, buster (lts)	1.4.0.21-1+deb10u1	fixed
	bullseye	1.4.4.11-2	fixed
	bookworm	2.3.1+dfsg1-1	fixed
	sid, trixie	3.1.1+dfsg1-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
389-ds-base	source	(unstable)	(not affected)

- 389-ds-base <not-affected> (Fixed before initial upload)