CVE-2004-0823
First published: Tue Sep 07 2004(Updated: )
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenLDAP Servers | =2.0.2 | |
| Red Hat OpenLDAP Servers | =2.0.11_11 | |
| Red Hat OpenLDAP Servers | =2.1.15 | |
| Red Hat OpenLDAP Servers | =2.1.10 | |
| Red Hat OpenLDAP Servers | =1.2.6 | |
| Red Hat OpenLDAP Servers | =1.1.2 | |
| Red Hat OpenLDAP Servers | =2.0.22 | |
| Red Hat OpenLDAP Servers | =2.0.9 | |
| Red Hat OpenLDAP Servers | =2.1.19 | |
| Red Hat OpenLDAP Servers | =1.0 | |
| Red Hat OpenLDAP Servers | =1.2.7 | |
| Red Hat OpenLDAP Servers | =2.0.15 | |
| Red Hat OpenLDAP Servers | =2.1.14 | |
| Red Hat OpenLDAP Servers | =1.0.2 | |
| Red Hat OpenLDAP Servers | =2.0.14 | |
| Red Hat OpenLDAP Servers | =2.0.7 | |
| Red Hat OpenLDAP Servers | =1.2.11 | |
| Red Hat OpenLDAP Servers | =2.0.13 | |
| Red Hat OpenLDAP Servers | =2.0.27 | |
| Red Hat OpenLDAP Servers | =2.0.11_9 | |
| Red Hat OpenLDAP Servers | =2.1.17 | |
| Red Hat OpenLDAP Servers | =2.0.3 | |
| Red Hat OpenLDAP Servers | =1.2.12 | |
| Red Hat OpenLDAP Servers | =2.0.25 | |
| Red Hat OpenLDAP Servers | =2.1.12 | |
| Red Hat OpenLDAP Servers | =2.0.12 | |
| Red Hat OpenLDAP Servers | =2.1_.20 | |
| Red Hat OpenLDAP Servers | =1.2.1 | |
| Red Hat OpenLDAP Servers | =1.1.4 | |
| Red Hat OpenLDAP Servers | =1.1 | |
| Red Hat OpenLDAP Servers | =1.2.10 | |
| Red Hat OpenLDAP Servers | =1.1.1 | |
| Red Hat OpenLDAP Servers | =2.0.20 | |
| Red Hat OpenLDAP Servers | =1.2.2 | |
| Red Hat OpenLDAP Servers | =1.0.1 | |
| Red Hat OpenLDAP Servers | =1.2.4 | |
| Red Hat OpenLDAP Servers | =2.0.4 | |
| Red Hat OpenLDAP Servers | =2.0.16 | |
| Red Hat OpenLDAP Servers | =1.2.8 | |
| Red Hat OpenLDAP Servers | =2.0.11_11s | |
| Red Hat OpenLDAP Servers | =1.2.9 | |
| Red Hat OpenLDAP Servers | =2.0.19 | |
| Red Hat OpenLDAP Servers | =1.2.13 | |
| Red Hat OpenLDAP Servers | =2.0.10 | |
| Red Hat OpenLDAP Servers | =2.0.1 | |
| Red Hat OpenLDAP Servers | =2.0 | |
| Red Hat OpenLDAP Servers | =2.0.23 | |
| Red Hat OpenLDAP Servers | =1.2.5 | |
| Red Hat OpenLDAP Servers | =1.0.3 | |
| Red Hat OpenLDAP Servers | =2.1.11 | |
| Red Hat OpenLDAP Servers | =2.0.8 | |
| Red Hat OpenLDAP Servers | =2.1.13 | |
| Red Hat OpenLDAP Servers | =2.0.18 | |
| Red Hat OpenLDAP Servers | =1.2 | |
| Red Hat OpenLDAP Servers | =2.1.16 | |
| Red Hat OpenLDAP Servers | =2.0.5 | |
| Red Hat OpenLDAP Servers | =1.1.3 | |
| Red Hat OpenLDAP Servers | =2.0.11 | |
| Red Hat OpenLDAP Servers | =2.0.6 | |
| Red Hat OpenLDAP Servers | =2.0.17 | |
| Red Hat OpenLDAP Servers | =2.1.4 | |
| Red Hat OpenLDAP Servers | =1.2.3 | |
| Red Hat OpenLDAP Servers | =2.1.18 | |
| Red Hat OpenLDAP Servers | =2.0.21 | |
| Apple iOS and macOS | =10.2.8 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.5 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.3.4 | |
| Apple iOS and macOS | =10.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/advisories/7148
- http://www.auscert.org.au/render.html?it=4363
- http://www.securityfocus.com/bid/11137
- http://secunia.com/advisories/12491/
- http://www.redhat.com/support/errata/RHSA-2005-751.html
- http://secunia.com/advisories/17233
- http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
- http://secunia.com/advisories/21520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17300
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703
Frequently Asked Questions
What is the severity of CVE-2004-0823?
CVE-2004-0823 has been classified as a medium severity vulnerability due to the potential for hashed passwords to be misused by remote attackers.
How do I fix CVE-2004-0823?
To fix CVE-2004-0823, it is recommended to upgrade OpenLDAP to version 2.1.20 or newer, which addresses this vulnerability.
What versions of OpenLDAP are affected by CVE-2004-0823?
CVE-2004-0823 affects OpenLDAP versions 1.0 through 2.1.19.
What platforms are affected by CVE-2004-0823?
CVE-2004-0823 has been reported on Apple Mac OS X versions 10.3.4 and 10.3.5, among other operating systems.
What type of vulnerability is CVE-2004-0823?
CVE-2004-0823 is an authentication vulnerability that allows the misuse of hashed passwords in the userPassword attribute.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/openldap
- canonical/red hat openldap servers
- version/red hat openldap servers/2.0.2
- version/red hat openldap servers/2.0.11_11
- version/red hat openldap servers/2.1.15
- version/red hat openldap servers/2.1.10
- version/red hat openldap servers/1.2.6
- version/red hat openldap servers/1.1.2
- version/red hat openldap servers/2.0.22
- version/red hat openldap servers/2.0.9
- version/red hat openldap servers/2.1.19
- version/red hat openldap servers/1.0
- version/red hat openldap servers/1.2.7
- version/red hat openldap servers/2.0.15
- version/red hat openldap servers/2.1.14
- version/red hat openldap servers/1.0.2
- version/red hat openldap servers/2.0.14
- version/red hat openldap servers/2.0.7
- version/red hat openldap servers/1.2.11
- version/red hat openldap servers/2.0.13
- version/red hat openldap servers/2.0.27
- version/red hat openldap servers/2.0.11_9
- version/red hat openldap servers/2.1.17
- version/red hat openldap servers/2.0.3
- version/red hat openldap servers/1.2.12
- version/red hat openldap servers/2.0.25
- version/red hat openldap servers/2.1.12
- version/red hat openldap servers/2.0.12
- version/red hat openldap servers/2.1_.20
- version/red hat openldap servers/1.2.1
- version/red hat openldap servers/1.1.4
- version/red hat openldap servers/1.1
- version/red hat openldap servers/1.2.10
- version/red hat openldap servers/1.1.1
- version/red hat openldap servers/2.0.20
- version/red hat openldap servers/1.2.2
- version/red hat openldap servers/1.0.1
- version/red hat openldap servers/1.2.4
- version/red hat openldap servers/2.0.4
- version/red hat openldap servers/2.0.16
- version/red hat openldap servers/1.2.8
- version/red hat openldap servers/2.0.11_11s
- version/red hat openldap servers/1.2.9
- version/red hat openldap servers/2.0.19
- version/red hat openldap servers/1.2.13
- version/red hat openldap servers/2.0.10
- version/red hat openldap servers/2.0.1
- version/red hat openldap servers/2.0
- version/red hat openldap servers/2.0.23
- version/red hat openldap servers/1.2.5
- version/red hat openldap servers/1.0.3
- version/red hat openldap servers/2.1.11
- version/red hat openldap servers/2.0.8
- version/red hat openldap servers/2.1.13
- version/red hat openldap servers/2.0.18
- version/red hat openldap servers/1.2
- version/red hat openldap servers/2.1.16
- version/red hat openldap servers/2.0.5
- version/red hat openldap servers/1.1.3
- version/red hat openldap servers/2.0.11
- version/red hat openldap servers/2.0.6
- version/red hat openldap servers/2.0.17
- version/red hat openldap servers/2.1.4
- version/red hat openldap servers/1.2.3
- version/red hat openldap servers/2.1.18
- version/red hat openldap servers/2.0.21
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.2.8
- version/apple ios and macos/10.3.5
- version/apple ios and macos/10.3.4