CVE-2005-2069
Summary
| CVE | CVE-2005-2069 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-06-30 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Fedora update for openldap - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| usn/usn-152-1 - Ubuntu Linux | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | Third Party Advisory |
| rhn.redhat.com | Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Third Party Advisory |
| Gentoo Linux Documentation -- pam_ldap and nss_ldap: Plain text authentication leak | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | Third Party Advisory |
| 161990 – openldap password disclosure issue | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| Secunia - Advisories - Red Hat update for openldap / nss_ldap | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| www.osvdb.org/17692 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | Broken Link |
| Bug 210 - ssl start_tls not honoured when chasing referrals | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.padl.com | Issue Tracking, Patch, Vendor Advisory |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | Third Party Advisory |
| archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Broken Link |
| ASA-2006-157 (RHSA-2005-751) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | Third Party Advisory |
| Gentoo Bug 96767 - sys-auth/{pam_ldap|nss_ldap} not using tls for referred connections | af854a3a-2127-422b-91ae-364da2661108 | bugs.gentoo.org | Third Party Advisory |
| Advisories - Mandriva | af854a3a-2127-422b-91ae-364da2661108 | wwwnew.mandriva.com | Third Party Advisory |
| OpenLDAP ITS - Incoming/3791 | af854a3a-2127-422b-91ae-364da2661108 | www.openldap.org | Patch, Vendor Advisory |
| Avaya Products Multiple Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Third Party Advisory |
| OpenLDAP TLS Plaintext Password Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| PADL Software PAM_LDAP TLS Plaintext Password Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| bugzilla.padl.com/show_bug.cgi | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.padl.com | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-03-14 | Mark J Cox | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |