OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-14T04:00:00
Updated: 2024-08-08T00:31:47.659Z
Reserved: 2004-08-27T00:00:00
Link: CVE-2004-0823
Vulnrichment
No data.
NVD
Status : Modified
Published: 2004-09-07T04:00:00.000
Modified: 2024-11-20T23:49:29.803
Link: CVE-2004-0823
Redhat