CVE-2011-2223

Novell Data Synchronizer <1.1.2 - Info Disclosure

Title source: llm

Description

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

References (3)

[Vendor Advisory] http://secunia.com/advisories/45527

[Vendor Advisory] http://www.novell.com/support/viewContent.do?externalId=7009055

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49069

Scores

EPSS 0.0047

EPSS Percentile 64.1%

Classification

CWE

CWE-310

Status draft

Affected Products (8)

novell/data_synchronizer

novell/mobility_pack

Timeline

Published Aug 09, 2011

Tracked Since Feb 18, 2026