CVE-2004-0823
First published: Tue Sep 07 2004(Updated: )
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenLDAP | =2.0.2 | |
| OpenLDAP | =2.0.11_11 | |
| OpenLDAP | =2.1.15 | |
| OpenLDAP | =2.1.10 | |
| OpenLDAP | =1.2.6 | |
| OpenLDAP | =1.1.2 | |
| OpenLDAP | =2.0.22 | |
| OpenLDAP | =2.0.9 | |
| OpenLDAP | =2.1.19 | |
| OpenLDAP | =1.0 | |
| OpenLDAP | =1.2.7 | |
| OpenLDAP | =2.0.15 | |
| OpenLDAP | =2.1.14 | |
| OpenLDAP | =1.0.2 | |
| OpenLDAP | =2.0.14 | |
| OpenLDAP | =2.0.7 | |
| OpenLDAP | =1.2.11 | |
| OpenLDAP | =2.0.13 | |
| OpenLDAP | =2.0.27 | |
| OpenLDAP | =2.0.11_9 | |
| OpenLDAP | =2.1.17 | |
| OpenLDAP | =2.0.3 | |
| OpenLDAP | =1.2.12 | |
| OpenLDAP | =2.0.25 | |
| OpenLDAP | =2.1.12 | |
| OpenLDAP | =2.0.12 | |
| OpenLDAP | =2.1_.20 | |
| OpenLDAP | =1.2.1 | |
| OpenLDAP | =1.1.4 | |
| OpenLDAP | =1.1 | |
| OpenLDAP | =1.2.10 | |
| OpenLDAP | =1.1.1 | |
| OpenLDAP | =2.0.20 | |
| OpenLDAP | =1.2.2 | |
| OpenLDAP | =1.0.1 | |
| OpenLDAP | =1.2.4 | |
| OpenLDAP | =2.0.4 | |
| OpenLDAP | =2.0.16 | |
| OpenLDAP | =1.2.8 | |
| OpenLDAP | =2.0.11_11s | |
| OpenLDAP | =1.2.9 | |
| OpenLDAP | =2.0.19 | |
| OpenLDAP | =1.2.13 | |
| OpenLDAP | =2.0.10 | |
| OpenLDAP | =2.0.1 | |
| OpenLDAP | =2.0 | |
| OpenLDAP | =2.0.23 | |
| OpenLDAP | =1.2.5 | |
| OpenLDAP | =1.0.3 | |
| OpenLDAP | =2.1.11 | |
| OpenLDAP | =2.0.8 | |
| OpenLDAP | =2.1.13 | |
| OpenLDAP | =2.0.18 | |
| OpenLDAP | =1.2 | |
| OpenLDAP | =2.1.16 | |
| OpenLDAP | =2.0.5 | |
| OpenLDAP | =1.1.3 | |
| OpenLDAP | =2.0.11 | |
| OpenLDAP | =2.0.6 | |
| OpenLDAP | =2.0.17 | |
| OpenLDAP | =2.1.4 | |
| OpenLDAP | =1.2.3 | |
| OpenLDAP | =2.1.18 | |
| OpenLDAP | =2.0.21 | |
| macOS Yosemite | =10.2.8 | |
| Apple Mac OS X Server | =10.3.5 | |
| macOS Yosemite | =10.3.5 | |
| Apple Mac OS X Server | =10.3.4 | |
| macOS Yosemite | =10.3.4 | |
| Apple Mac OS X Server | =10.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/advisories/7148
- http://www.auscert.org.au/render.html?it=4363
- http://www.securityfocus.com/bid/11137
- http://secunia.com/advisories/12491/
- http://www.redhat.com/support/errata/RHSA-2005-751.html
- http://secunia.com/advisories/17233
- http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
- http://secunia.com/advisories/21520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17300
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/openldap
- canonical/openldap
- version/openldap/2.0.2
- version/openldap/2.0.11_11
- version/openldap/2.1.15
- version/openldap/2.1.10
- version/openldap/1.2.6
- version/openldap/1.1.2
- version/openldap/2.0.22
- version/openldap/2.0.9
- version/openldap/2.1.19
- version/openldap/1.0
- version/openldap/1.2.7
- version/openldap/2.0.15
- version/openldap/2.1.14
- version/openldap/1.0.2
- version/openldap/2.0.14
- version/openldap/2.0.7
- version/openldap/1.2.11
- version/openldap/2.0.13
- version/openldap/2.0.27
- version/openldap/2.0.11_9
- version/openldap/2.1.17
- version/openldap/2.0.3
- version/openldap/1.2.12
- version/openldap/2.0.25
- version/openldap/2.1.12
- version/openldap/2.0.12
- version/openldap/2.1_.20
- version/openldap/1.2.1
- version/openldap/1.1.4
- version/openldap/1.1
- version/openldap/1.2.10
- version/openldap/1.1.1
- version/openldap/2.0.20
- version/openldap/1.2.2
- version/openldap/1.0.1
- version/openldap/1.2.4
- version/openldap/2.0.4
- version/openldap/2.0.16
- version/openldap/1.2.8
- version/openldap/2.0.11_11s
- version/openldap/1.2.9
- version/openldap/2.0.19
- version/openldap/1.2.13
- version/openldap/2.0.10
- version/openldap/2.0.1
- version/openldap/2.0
- version/openldap/2.0.23
- version/openldap/1.2.5
- version/openldap/1.0.3
- version/openldap/2.1.11
- version/openldap/2.0.8
- version/openldap/2.1.13
- version/openldap/2.0.18
- version/openldap/1.2
- version/openldap/2.1.16
- version/openldap/2.0.5
- version/openldap/1.1.3
- version/openldap/2.0.11
- version/openldap/2.0.6
- version/openldap/2.0.17
- version/openldap/2.1.4
- version/openldap/1.2.3
- version/openldap/2.1.18
- version/openldap/2.0.21
- vendor/apple
- canonical/macos yosemite
- version/macos yosemite/10.2.8
- canonical/apple mac os x server
- version/apple mac os x server/10.3.5
- version/macos yosemite/10.3.5
- version/apple mac os x server/10.3.4
- version/macos yosemite/10.3.4
- version/apple mac os x server/10.2.8