HP-UX Directory Server Discloses Passwords to Remote Authenticated and Local Users
Directory Server B.08.10.04
Two vulnerabilities were reported in HP-UX Directory Server.
A local user can access the plaintext password in certain cases [CVE-2012-2678].
A remote authenticated user can can view the password for a target LDAP user when audit logging is enabled by reading the audit log [CVE-2012-2678].
A remote authenticated user can view passwords.
A local user can view passwords.
The vendor has issued a fix (Directory Server B.08.10.05).