CVE-2005-2069
padl nss_ldap and pam_ldap - Cleartext Transmission of Sensitive Information via LDAP Referral
Title source: llmDescription
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
References (20)
Core 20
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200507-13.xml
Third Party Advisory x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=96767
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14126
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-751.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21245
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/17692
Patch, Vendor Advisory x_refsource_misc
http://www.openldap.org/its/index.cgi/Incoming?id=3791
Broken Link mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2005-07/0060.html
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
http://bugzilla.padl.com/show_bug.cgi?id=210
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17845
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14125
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9445
Issue Tracking, Vendor Advisory x_refsource_misc
http://bugzilla.padl.com/show_bug.cgi?id=211
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:121
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21520
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-767.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17233
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-152-1
Scores
EPSS
0.0275
EPSS Percentile
84.3%
Details
CWE
CWE-319
Status
published
Products (2)
padl/nss_ldap
padl/pam_ldap
Published
Jun 30, 2005
Tracked Since
Feb 18, 2026