How severe is CVE-2018-10871?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2018-10871?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2018-10871 - HIGH Severity | CVSS 7.2

Vulnerability Description

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.

Related Vulnerabilities

CVE-2009-5068

HIGH

CVSS:7.2(High)

There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted...

CWE-3122009

CVE-2018-19981

HIGH

CVSS:7.2(High)

Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences to store plain text AWS STS Temporary Credentials retrieved by AWS Cognito Identity Service. An attacker can use these credentials to ...

CWE-3122018

CVE-2019-3753

HIGH

CVSS:7.2(High)

Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K running firmware versions prior to 5.1.15.2 contain a plain-text password storage vulnerability. TACACS\Radius credentials are stored ...

CWE-3122019

CVE-2019-6549

HIGH

CVSS:7.2(High)

An attacker could retrieve plain-text credentials stored in a XML file on PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) through FTP.

CWE-3122019

CVE-2020-29001

HIGH

CVSS:7.2(High)

An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTf...

CWE-3122020

CVE-2023-50957

HIGH

CVSS:7.2(High)

IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.

CWE-3122023