PT-2004-1885 · Openldap+1 · Openldap+1

Publicado

2004-09-07

Atualizado

2017-10-11

CVE-2004-0823

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenLDAP versions 1.0 through 2.1.19

Description The issue allows certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords. This enables remote attackers to re-use hashed passwords without decrypting them.

Recommendations For OpenLDAP versions 1.0 through 2.1.19, consider updating to a version where this issue is resolved, although the specific fixed version is not provided in the available data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-0823

RHSA-2005:751

RHSA-2005_751

Produtos afetados

Openldap

Red Hat

PT-2004-1885 · Openldap+1 · Openldap+1

CVE-2004-0823

Identificadores relacionados

Produtos afetados

Referências · 14