Information disclosure in Red Hat Directory Server - CVE-2023-1055

Published: June 16, 2023


Vulnerability identifier: #VU77479
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-1055
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Red Hat Directory Server
Software vendor: Red Hat Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the LDAP browser tries to decode the userPassword attribute instead of the userCertificate attribute. The decoded hashed password is later passed as a command-line argument and therefore appears in the process list, so a local user can read the hashed password from the process list.
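The exposure described above is a generic class of leak: a secret that ends up in a process's argument vector is readable by any local user through the process list. As an added example that is not part of this advisory or of Red Hat's own tooling, the script below shows how a defender can check a host for hash-like tokens in process command lines. It assumes (an assumption, not something the advisory states) that the leaked value looks like a conventional LDAP userPassword hash of the form `{SCHEME}encoded`; the sample process table, the `ldap-browser.py` name and the hash value in it are constructed for the demonstration.

```python
import os
import re
from typing import Iterable, List, Tuple

# Assumption for this example: LDAP userPassword values are stored as
# "{SCHEME}encoded" (e.g. {SSHA}, {PBKDF2_SHA256}, {CRYPT}), so a leaked
# argument would carry such a token. Adjust the scheme list for your directory.
HASH_TOKEN = re.compile(
    r"\{(?:SSHA|SHA|SSHA256|SHA256|SSHA512|SHA512|PBKDF2[_A-Z0-9]*|CRYPT|MD5|SMD5)\}"
    r"[A-Za-z0-9+/=.$]{8,}"
)


def find_leaked_hashes(processes: Iterable[Tuple[int, List[str]]]) -> List[Tuple[int, str]]:
    """Return (pid, token) for every argv entry that contains a hash-like token.

    `processes` is an iterable of (pid, argv) pairs; the function is pure so it
    can be run over a captured snapshot as well as over live /proc data.
    """
    hits: List[Tuple[int, str]] = []
    for pid, argv in processes:
        for arg in argv:
            match = HASH_TOKEN.search(arg)
            if match:
                hits.append((pid, match.group(0)))
    return hits


def read_proc_cmdlines() -> List[Tuple[int, List[str]]]:
    """Collect (pid, argv) for every process visible in /proc (Linux only).

    /proc/<pid>/cmdline is NUL-separated; it is world-readable, which is exactly
    why a secret placed in argv is visible to other local users.
    """
    snapshot: List[Tuple[int, List[str]]] = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            with open(f"/proc/{name}/cmdline", "rb") as handle:
                raw = handle.read()
        except OSError:
            continue  # process exited between listdir and open, or is hidden
        argv = [part.decode("utf-8", "replace") for part in raw.split(b"\0") if part]
        snapshot.append((int(name), argv))
    return snapshot


# Constructed sample process table for offline use: one benign daemon, one
# hypothetical tool that passed a decoded userPassword hash on its command line,
# and one process that merely mentions the userCertificate attribute name.
SAMPLE_PROCESSES: List[Tuple[int, List[str]]] = [
    (101, ["sshd", "-D"]),
    (202, ["/usr/bin/python3", "ldap-browser.py", "--decode",
           "{SSHA}YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo="]),
    (303, ["grep", "userCertificate", "entry.ldif"]),
]


if __name__ == "__main__":
    # Live scan of the local host; only the scheme prefix is printed so the
    # report itself does not re-expose the hash.
    for pid, token in find_leaked_hashes(read_proc_cmdlines()):
        scheme = token.split("}", 1)[0] + "}"
        print(f"pid {pid}: hash-like argument with scheme {scheme} found in argv")
```

The check only detects the symptom; the remediation for the Directory Server issue itself remains the vendor update. The same `find_leaked_hashes` function can be pointed at a `ps -eo pid,args` capture from an incident timeline by parsing it into (pid, argv) pairs.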


Remediation

Install updates from the vendor's website.

External links