CVE-2011-2223
Summary
| CVE | CVE-2011-2223 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-08-09 22:55:00 UTC |
| Updated | 2015-10-29 15:51:00 UTC |
| Description | The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Novell | Data Synchronizer | 1.0.0 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.0 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.1 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.2 | All | All | All |
| Application | Novell | Data Synchronizer | 1.0.0 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.0 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.1 | All | All | All |
| Application | Novell | Data Synchronizer | 1.1.2 | All | All | All |
| Application | Novell | Mobility Pack | 1.0 | All | All | All |
| Application | Novell | Mobility Pack | 1.1 | All | All | All |
| Application | Novell | Mobility Pack | 1.1.1 | All | All | All |
| Application | Novell | Mobility Pack | 1.1.2 | All | All | All |
| Application | Novell | Mobility Pack | 1.0 | All | All | All |
| Application | Novell | Mobility Pack | 1.1 | All | All | All |
| Application | Novell | Mobility Pack | 1.1.1 | All | All | All |
| Application | Novell | Mobility Pack | 1.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Novell Data Synchronizer Mobility Pack Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Novell Data Synchronizer Mobility Pack Multiple Remote Security Vulnerabilities | BID | www.securityfocus.com | |
| Password is exposed in UI and can be seen through a LAN Trace | CONFIRM | www.novell.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.