CVE-2005-1338

Name of the Vulnerable Software and Affected Versions: Mac OS X version 10.3.9

Description: The issue concerns the storage of initial LDAP passwords for new accounts in plaintext when using an LDAP server that does not utilize ldap extended operation.

Recommendations: For Mac OS X version 10.3.9, consider configuring the LDAP server to use ldap extended operation to prevent plaintext storage of initial passwords. As a temporary workaround, restrict access to sensitive areas of the system where these plaintext passwords might be exposed until a more permanent solution can be implemented.