CVE-2004-0823

Sažetak

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.

Reference

http://secunia.com/advisories/12491/
http://secunia.com/advisories/17233
http://secunia.com/advisories/21520
http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
http://www.auscert.org.au/render.html?it=4363
http://www.redhat.com/support/errata/RHSA-2005-751.html
http://www.securityfocus.com/advisories/7148
http://www.securityfocus.com/bid/11137
https://exchange.xforce.ibmcloud.com/vulnerabilities/17300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

07-09-2004 - 04:00