pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2005-06-29T04:00:00
Updated: 2024-08-07T22:15:37.352Z
Reserved: 2005-06-29T00:00:00
Link: CVE-2005-2069
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-06-30T04:00:00.000
Modified: 2024-11-20T23:58:43.783
Link: CVE-2005-2069
Redhat