First published: Wed Jun 29 2005
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, do not use TLS for the subsequent connection if the client is referred to a master. As a result, a password may be sent in cleartext, which allows remote attackers to sniff the password.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Padl Nss Ldap | | |
Padl Pam Ldap | | |
Openldap Openldap | | |