CVE-2005-2069

Published: 30/06/2005 Updated: 16/11/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, do not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote malicious users to sniff the password.

Vulnerable Product

padl nss_ldap -

padl pam_ldap -

Vendor Advisories

Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confidential information to be transmitted unencrypted between the slave and the master ...
Synopsis: openldap and nss_ldap security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openldap and nss_ldap packages that correct a potential password disclosure issue and possible authentication vulnerability are now available. This update has been rated as having moderate security impact ...
Synopsis: openldap and nss_ldap security update. Type/Severity: Security Advisory: Moderate. Topic: Updated openldap and nss_ldap packages that correct a potential password disclosure issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...