New Search

pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

oval:org.mitre.oval:def:9445

pam_ldap and nss_ldap when used with OpenLDAP and connecting to a slave using TLS does not use TLS for the subsequent connection if the client is referred to a master which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Oracle Linux 4
  • CentOS Linux 3
  • Red Hat Enterprise Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2005-2069
Product(s):