Descriptionpam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2005:020, published Mon, 12 Sep 2005 13:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:33:05 2013
CVE page last modified: Fri Oct 7 12:45:31 2022