CVE-2012-2668

OpenLDAP < 2.4.31 - Unintended Weak Cipher Suite Usage via Mozilla NSS Backend

Title source: llm
STIX 2.1

Description

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.

References (15)

Core 15
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-36.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1151.html
Various Sources x_refsource_confirm
http://www.openldap.org/its/index.cgi?findid=7285
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/05/4
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=825875
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/06/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027127
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53823
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT210788
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/23
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Dec/26

Scores

EPSS 0.0411
EPSS Percentile 89.6%

Details

CWE
CWE-200
Status published
Products (26)
openldap/openldap 2.4.6
openldap/openldap 2.4.7
openldap/openldap 2.4.8
openldap/openldap 2.4.9
openldap/openldap 2.4.10
openldap/openldap 2.4.11
openldap/openldap 2.4.12
openldap/openldap 2.4.13
openldap/openldap 2.4.14
openldap/openldap 2.4.15
... and 16 more
Published Jun 17, 2012
Tracked Since Feb 18, 2026