389 Directory Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by LDAP during password change operations, which will disclose unhashed password information to an attacker with access to network traffic between the LDAP server and the user.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 220.127.116.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.