OpenLDAP and pam_ldap Password Disclosure Vulnerability
Title : OpenLDAP and pam_ldap Password Disclosure Vulnerability
VUPEN ID : VUPEN/ADV-2005-0947
CVE ID : CVE-2005-2069
CWE ID : CWE-
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-07-04
Technical Description
A vulnerability was identified in OpenLDAP and pam_ldap that attackers could exploit to disclose sensitive information. When a client connects to a slave server using TLS and is then referred to a master, OpenLDAP does not use TLS for the subsequent connection. As a result, the password is sent in cleartext and can be sniffed by remote attackers.
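The referral behaviour described above can be modelled in a few lines. This is an added example, not part of the advisory and not OpenLDAP or pam_ldap code: it contrasts a referral handler that takes the new connection's security from the referral URL alone with one that carries the original session's protection over. The `Session` type, the function names and the example.com hosts are assumptions made for the illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

@dataclass(frozen=True)
class Session:
    host: str
    port: int
    tls: str  # "none", "starttls" or "ldaps"

    @property
    def protected(self) -> bool:
        return self.tls != "none"

def _parse(url):
    """Split an ldap:// or ldaps:// referral URL into (scheme, host, port)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"unsupported referral URL: {url!r}")
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def naive_referral(origin, url):
    """Flawed model: the new connection's security comes from the URL alone."""
    scheme, host, port = _parse(url)
    return Session(host, port, "ldaps" if scheme == "ldaps" else "none")

def hardened_referral(origin, url):
    """Carry protection over: a protected origin never yields a cleartext bind."""
    scheme, host, port = _parse(url)
    if scheme == "ldaps":
        return Session(host, port, "ldaps")
    # ldap:// referral: StartTLS is required before the bind if the origin had TLS
    return Session(host, port, "starttls" if origin.protected else "none")

def cleartext_bind_hops(origin, urls, follow):
    """Return the referral URLs where a protected session would rebind without TLS."""
    exposed, current = [], origin
    for url in urls:
        current = follow(current, url)
        if origin.protected and not current.protected:
            exposed.append(url)
    return exposed

# Constructed sample: TLS session to a slave, then a referral to the master.
SLAVE = Session("slave.example.com", 389, "starttls")
REFERRALS = ["ldap://master.example.com/dc=example,dc=com"]
```

`cleartext_bind_hops(SLAVE, REFERRALS, naive_referral)` reports the master referral as exposed, while the same call with `hardened_referral` reports nothing.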