Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2004-0823 (GCVE-0-2004-0823)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:31
VLAI
EPSS
Summary
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://support.avaya.com/elmodocs2/security/ASA-2… | x_refsource_CONFIRM |
| http://www.redhat.com/support/errata/RHSA-2005-751.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/12491/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11137 | vdb-entryx_refsource_BID |
| http://www.auscert.org.au/render.html?it=4363 | third-party-advisoryx_refsource_AUSCERT |
| http://secunia.com/advisories/21520 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/advisories/7148 | vendor-advisoryx_refsource_APPLE |
| http://secunia.com/advisories/17233 | third-party-advisoryx_refsource_SECUNIA |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
Date Public
2004-09-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:47.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openldap-crypt-gain-access(17300)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"name": "RHSA-2005:751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"name": "12491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12491/"
},
{
"name": "11137",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11137"
},
{
"name": "ESB-2004.0559",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"name": "21520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21520"
},
{
"name": "APPLE-SA-2004-09-07",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"name": "17233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17233"
},
{
"name": "oval:org.mitre.oval:def:10703",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openldap-crypt-gain-access(17300)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"name": "RHSA-2005:751",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"name": "12491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12491/"
},
{
"name": "11137",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11137"
},
{
"name": "ESB-2004.0559",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"name": "21520",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21520"
},
{
"name": "APPLE-SA-2004-09-07",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"name": "17233",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17233"
},
{
"name": "oval:org.mitre.oval:def:10703",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openldap-crypt-gain-access(17300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"name": "RHSA-2005:751",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"name": "12491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12491/"
},
{
"name": "11137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11137"
},
{
"name": "ESB-2004.0559",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"name": "21520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21520"
},
{
"name": "APPLE-SA-2004-09-07",
"refsource": "APPLE",
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"name": "17233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17233"
},
{
"name": "oval:org.mitre.oval:def:10703",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0823",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:31:47.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2004-0823",
"date": "2026-06-30",
"epss": "0.02739",
"percentile": "0.84299"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2004-0823\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-09-07T04:00:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"086DC60F-F530-4515-8F3D-87F30DB9B322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D538927-82D5-476E-9C85-2E9297316D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A904832-A6D6-45D4-B07C-79ED1FE47A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB554A4-EEC2-4E17-9F32-27A580B9E389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191DB249-6A73-4561-8CCA-565D1525CB31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A5D9A5-FB1D-4ACF-846A-4DB73196122C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41400CE6-FA51-435C-93F7-B31FE42F18AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6022ABEB-6825-4A5F-9884-74F94C2387F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F15789-334D-460D-B5B3-FCC71087D107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F77B1548-BB6D-4618-AE7B-E97F91A0AF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7064C52-1211-42B8-BF1F-C22D800AED07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CD95826-E44A-48C6-BAAB-77A905CAE6B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEEA6BB6-41FC-4F15-A95F-9B052F062454\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90766C1-6DBD-435C-85E1-920DAFA26D67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CD13DAE-9588-4540-9183-FB80C507F985\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"526366F3-52F0-4816-A356-8F39B718C048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC07AD0D-5DF9-41A4-8592-CEFF1842355D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30017C56-42A9-4AF9-B5B3-7357E424F837\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A51F38-3F5A-4F6D-93EE-776B5C2FF48F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DBEC27E-3220-42CE-B6CC-675F387CB506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E641DFFB-CBAF-4DCF-944F-443CFF836A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A552E270-5C9C-40DC-B23D-97C8D995B8FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53DF812C-E1F8-46D3-A072-3FBE696ADC33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"552F2E25-DDB8-49A6-844A-8520696DBE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D75A36-41C4-464F-8DC4-42C841ABC087\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C3EE919-D05C-4625-85FE-132F6F2B932C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D99A58-8D7E-4586-A9BF-1DD2A1DBB8D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEBA0118-545E-4D7B-B819-34D157B2BA6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67826609-F4CA-42CB-A5D0-B4503DDE2C92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61676BBD-95B8-44C9-BD66-79F00381BF86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"719A9B1D-8E32-461F-BCD4-F72C6AD3E63E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD73969-39F8-4849-AF6A-15ACDC2E4537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB8C1DD2-865A-4CF2-8137-3C40C01C9EAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE38B045-2224-43D1-8618-0885505865C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D26DAC5-EDBD-42D8-A877-1E6EA666D72B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7AE325E-514C-40A1-AA56-D605377B5D90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19397A11-E549-4F31-8007-8D5F3C0AABB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C659213-271D-4F22-AE14-A1646A612D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67B0A2B6-C560-4AE0-BC79-3C7BC9163EE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"566406CE-368A-4799-A112-E5DFC5B333D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5CCC734-C15B-4D2B-BF83-F214F807C44E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64796893-A90D-4B7D-BDBC-0087B57AF7E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39914C6A-F4DB-43CC-B2B6-097365E55D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BFDD8F7-AAFD-453F-99A4-F9C0424EA791\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BFEEAA6-0B50-4644-A183-F5FEE7BD7EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"920FC1DB-95E2-4367-BF20-77D75BD7617D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E643F8-005A-4170-8275-8E4AB5C25209\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A34C63-C17D-4026-B409-AA9A56529B87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA863B0-A6AB-44BD-84E8-B6C885EFFE10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24BFAEC7-6256-4B8F-83F5-60FBD1571936\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"734B8101-BEAC-40AB-81EA-2516CA20BC93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA73658A-8834-4EC2-8D8F-3A7D1C834669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B298BAA-5584-4193-A3DB-31FBB0BD12B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7951BAAB-CB06-4F19-891A-E07E2B3C8701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82EC30A1-4150-44DC-89F7-5A64B8CC4A84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DF04D97-A561-427B-9891-A1423B86F164\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E74B0C8-2D64-4BF2-B152-87909E3029EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88F6CA0B-ED91-4085-8EE0-1F4256747621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B90657E7-D651-4E1E-8035-13A1F024E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BBE5477-BE27-412A-9BA9-9690F746B4F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31300FA3-C57D-4564-927E-B06C0229BE8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"342E414D-8ED6-4E5A-88F0-57B5846A3EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C0BD0FD-BD80-4197-8479-BBB070DAB890\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8BCFC49-6505-4713-A06C-A64782A34414\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB461678-560D-436E-A3AE-9E1E16DB0412\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421079DA-B605-4E05-9454-C30CF7631CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93B734BA-3435-40A9-B22B-5D56CEB865A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38F17066-C090-4DD7-A1AC-D8FF70D268CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA6BD2A-3022-408D-8E4F-50865996E965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"463D5628-7536-4029-99D6-5E525050059E\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/12491/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17233\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21520\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.auscert.org.au/render.html?it=4363\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-751.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/advisories/7148\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/11137\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17300\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/12491/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/17233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.auscert.org.au/render.html?it=4363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-751.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/advisories/7148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/11137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17300\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2004-0823
Vulnerability from fkie_nvd - Published: 2004-09-07 04:00 - Updated: 2026-06-16 22:06
Severity
Summary
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
References
Impacted products
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "086DC60F-F530-4515-8F3D-87F30DB9B322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D538927-82D5-476E-9C85-2E9297316D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A904832-A6D6-45D4-B07C-79ED1FE47A80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB554A4-EEC2-4E17-9F32-27A580B9E389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "191DB249-6A73-4561-8CCA-565D1525CB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34A5D9A5-FB1D-4ACF-846A-4DB73196122C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41400CE6-FA51-435C-93F7-B31FE42F18AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6022ABEB-6825-4A5F-9884-74F94C2387F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F15789-334D-460D-B5B3-FCC71087D107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F77B1548-BB6D-4618-AE7B-E97F91A0AF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7064C52-1211-42B8-BF1F-C22D800AED07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD95826-E44A-48C6-BAAB-77A905CAE6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEEA6BB6-41FC-4F15-A95F-9B052F062454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E90766C1-6DBD-435C-85E1-920DAFA26D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD13DAE-9588-4540-9183-FB80C507F985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "526366F3-52F0-4816-A356-8F39B718C048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC07AD0D-5DF9-41A4-8592-CEFF1842355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "30017C56-42A9-4AF9-B5B3-7357E424F837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A51F38-3F5A-4F6D-93EE-776B5C2FF48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBEC27E-3220-42CE-B6CC-675F387CB506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E641DFFB-CBAF-4DCF-944F-443CFF836A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A552E270-5C9C-40DC-B23D-97C8D995B8FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "53DF812C-E1F8-46D3-A072-3FBE696ADC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "552F2E25-DDB8-49A6-844A-8520696DBE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03D75A36-41C4-464F-8DC4-42C841ABC087",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3EE919-D05C-4625-85FE-132F6F2B932C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20D99A58-8D7E-4586-A9BF-1DD2A1DBB8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEBA0118-545E-4D7B-B819-34D157B2BA6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "67826609-F4CA-42CB-A5D0-B4503DDE2C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "61676BBD-95B8-44C9-BD66-79F00381BF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "719A9B1D-8E32-461F-BCD4-F72C6AD3E63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD73969-39F8-4849-AF6A-15ACDC2E4537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8C1DD2-865A-4CF2-8137-3C40C01C9EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EE38B045-2224-43D1-8618-0885505865C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5D26DAC5-EDBD-42D8-A877-1E6EA666D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AE325E-514C-40A1-AA56-D605377B5D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*",
"matchCriteriaId": "19397A11-E549-4F31-8007-8D5F3C0AABB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*",
"matchCriteriaId": "1C659213-271D-4F22-AE14-A1646A612D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "67B0A2B6-C560-4AE0-BC79-3C7BC9163EE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "566406CE-368A-4799-A112-E5DFC5B333D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CCC734-C15B-4D2B-BF83-F214F807C44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "64796893-A90D-4B7D-BDBC-0087B57AF7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "39914C6A-F4DB-43CC-B2B6-097365E55D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5BFDD8F7-AAFD-453F-99A4-F9C0424EA791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFEEAA6-0B50-4644-A183-F5FEE7BD7EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "920FC1DB-95E2-4367-BF20-77D75BD7617D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "28E643F8-005A-4170-8275-8E4AB5C25209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A34C63-C17D-4026-B409-AA9A56529B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA863B0-A6AB-44BD-84E8-B6C885EFFE10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "24BFAEC7-6256-4B8F-83F5-60FBD1571936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "734B8101-BEAC-40AB-81EA-2516CA20BC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "AA73658A-8834-4EC2-8D8F-3A7D1C834669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B298BAA-5584-4193-A3DB-31FBB0BD12B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7951BAAB-CB06-4F19-891A-E07E2B3C8701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82EC30A1-4150-44DC-89F7-5A64B8CC4A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9DF04D97-A561-427B-9891-A1423B86F164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E74B0C8-2D64-4BF2-B152-87909E3029EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "88F6CA0B-ED91-4085-8EE0-1F4256747621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B90657E7-D651-4E1E-8035-13A1F024E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7BBE5477-BE27-412A-9BA9-9690F746B4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "31300FA3-C57D-4564-927E-B06C0229BE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "342E414D-8ED6-4E5A-88F0-57B5846A3EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0BD0FD-BD80-4197-8479-BBB070DAB890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E8BCFC49-6505-4713-A06C-A64782A34414",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB461678-560D-436E-A3AE-9E1E16DB0412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "38F17066-C090-4DD7-A1AC-D8FF70D268CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA6BD2A-3022-408D-8E4F-50865996E965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "463D5628-7536-4029-99D6-5E525050059E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them."
}
],
"id": "CVE-2004-0823",
"lastModified": "2026-06-16T22:06:27.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12491/"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17233"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21520"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11137"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12491/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-7RR4-25H7-4MJ3
Vulnerability from github – Published: 2022-04-29 02:58 – Updated: 2025-04-03 04:00
VLAI
Details
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
{
"affected": [],
"aliases": [
"CVE-2004-0823"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2004-09-07T04:00:00Z",
"severity": "HIGH"
},
"details": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.",
"id": "GHSA-7rr4-25h7-4mj3",
"modified": "2025-04-03T04:00:59Z",
"published": "2022-04-29T02:58:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0823"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/12491"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/17233"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21520"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"type": "WEB",
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/11137"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2004-0823
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2004-0823",
"description": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.",
"id": "GSD-2004-0823",
"references": [
"https://access.redhat.com/errata/RHSA-2005:751"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2004-0823"
],
"details": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.",
"id": "GSD-2004-0823",
"modified": "2023-12-13T01:22:55.000392Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openldap-crypt-gain-access(17300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"name": "RHSA-2005:751",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"name": "12491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12491/"
},
{
"name": "11137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11137"
},
{
"name": "ESB-2004.0559",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"name": "21520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21520"
},
{
"name": "APPLE-SA-2004-09-07",
"refsource": "APPLE",
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"name": "17233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17233"
},
{
"name": "oval:org.mitre.oval:def:10703",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0823"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-09-07",
"refsource": "APPLE",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"name": "ESB-2004.0559",
"refsource": "AUSCERT",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"name": "11137",
"refsource": "BID",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11137"
},
{
"name": "12491",
"refsource": "SECUNIA",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12491/"
},
{
"name": "RHSA-2005:751",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2005-751.html"
},
{
"name": "17233",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/17233"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm"
},
{
"name": "21520",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/21520"
},
{
"name": "openldap-crypt-gain-access(17300)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"name": "oval:org.mitre.oval:def:10703",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-10-11T01:29Z",
"publishedDate": "2004-09-07T04:00Z"
}
}
}
RHSA-2005:751
Vulnerability from csaf_redhat - Published: 2005-10-17 07:38 - Updated: 2026-06-25 10:32Summary
Red Hat Security Advisory: openldap and nss_ldap security update
Severity
Moderate
Notes
Topic: Updated openldap and nss_ldap packages that correct a potential password
disclosure issue are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details: OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.
The nss_ldap module is an extension for use with GNU libc which allows
applications to, without internal modification, consult a directory service
using LDAP to supplement information that would be read from local files
such as /etc/passwd, /etc/group, and /etc/shadow.
A bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP
servers. If a client connection is referred to a different server, it is
possible that the referred connection will not be encrypted even if the
client has "ssl start_tls" in its ldap.conf file. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2005-2069
to this issue.
A bug was also found in the way certain OpenLDAP authentication schemes
store hashed passwords. A remote attacker could re-use a hashed password to
gain access to unauthorized resources. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-0823 to this issue.
All users of OpenLDAP and nss_ldap are advised to upgrade to these updated
packages, which contain backported fixes that resolve these issues.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Affected products
Fixed
105 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 3AS:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3AS:openldap-servers-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3Desktop:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3ES:openldap-servers-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:nss_ldap-debuginfo-0:207-17.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-clients-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-debuginfo-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 3WS:openldap-devel-0:2.0.27-20.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated openldap and nss_ldap packages that correct a potential password \ndisclosure issue are now available.\n \nThis update has been rated as having moderate security impact by the Red \nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access\nProtocol) applications and development tools.\n\nThe nss_ldap module is an extension for use with GNU libc which allows\napplications to, without internal modification, consult a directory service\nusing LDAP to supplement information that would be read from local files\nsuch as /etc/passwd, /etc/group, and /etc/shadow.\n\nA bug was found in the way OpenLDAP, nss_ldap, and pam_ldap refer LDAP\nservers. If a client connection is referred to a different server, it is\npossible that the referred connection will not be encrypted even if the\nclient has \"ssl start_tls\" in its ldap.conf file. The Common\nVulnerabilities and Exposures project has assigned the name CAN-2005-2069\nto this issue.\n\nA bug was also found in the way certain OpenLDAP authentication schemes\nstore hashed passwords. A remote attacker could re-use a hashed password to\ngain access to unauthorized resources. The Common Vulnerabilities and\nExposures project has assigned the name CAN-2004-0823 to this issue.\n\nAll users of OpenLDAP and nss_ldap are advised to upgrade to these updated\npackages, which contain backported fixes that resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2005:751",
"url": "https://access.redhat.com/errata/RHSA-2005:751"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://marc.theaimsgroup.com/?l=pamldap\u0026m=112432721728160\u0026w=2",
"url": "http://marc.theaimsgroup.com/?l=pamldap\u0026m=112432721728160\u0026w=2"
},
{
"category": "external",
"summary": "156386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=156386"
},
{
"category": "external",
"summary": "162482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=162482"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_751.json"
}
],
"title": "Red Hat Security Advisory: openldap and nss_ldap security update",
"tracking": {
"current_release_date": "2026-06-25T10:32:48+00:00",
"generator": {
"date": "2026-06-25T10:32:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.1.0"
}
},
"id": "RHSA-2005:751",
"initial_release_date": "2005-10-17T07:38:00+00:00",
"revision_history": [
{
"date": "2005-10-17T07:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2005-10-17T00:00:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-25T10:32:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.ia64",
"product": {
"name": "openldap-devel-0:2.0.27-20.ia64",
"product_id": "openldap-devel-0:2.0.27-20.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.ia64",
"product": {
"name": "openldap-clients-0:2.0.27-20.ia64",
"product_id": "openldap-clients-0:2.0.27-20.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.ia64",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.ia64",
"product_id": "openldap-debuginfo-0:2.0.27-20.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.ia64",
"product": {
"name": "openldap-0:2.0.27-20.ia64",
"product_id": "openldap-0:2.0.27-20.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.ia64",
"product": {
"name": "openldap-servers-0:2.0.27-20.ia64",
"product_id": "openldap-servers-0:2.0.27-20.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.ia64",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.ia64",
"product_id": "nss_ldap-debuginfo-0:207-17.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.ia64",
"product": {
"name": "nss_ldap-0:207-17.ia64",
"product_id": "nss_ldap-0:207-17.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.i386",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.i386",
"product_id": "openldap-debuginfo-0:2.0.27-20.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.i386",
"product": {
"name": "openldap-0:2.0.27-20.i386",
"product_id": "openldap-0:2.0.27-20.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.i386",
"product": {
"name": "openldap-devel-0:2.0.27-20.i386",
"product_id": "openldap-devel-0:2.0.27-20.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.i386",
"product": {
"name": "openldap-clients-0:2.0.27-20.i386",
"product_id": "openldap-clients-0:2.0.27-20.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=i386"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.i386",
"product": {
"name": "openldap-servers-0:2.0.27-20.i386",
"product_id": "openldap-servers-0:2.0.27-20.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=i386"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.i386",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.i386",
"product_id": "nss_ldap-debuginfo-0:207-17.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=i386"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.i386",
"product": {
"name": "nss_ldap-0:207-17.i386",
"product_id": "nss_ldap-0:207-17.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.x86_64",
"product": {
"name": "openldap-devel-0:2.0.27-20.x86_64",
"product_id": "openldap-devel-0:2.0.27-20.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.x86_64",
"product": {
"name": "openldap-clients-0:2.0.27-20.x86_64",
"product_id": "openldap-clients-0:2.0.27-20.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.x86_64",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.x86_64",
"product_id": "openldap-debuginfo-0:2.0.27-20.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.x86_64",
"product": {
"name": "openldap-0:2.0.27-20.x86_64",
"product_id": "openldap-0:2.0.27-20.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.x86_64",
"product": {
"name": "openldap-servers-0:2.0.27-20.x86_64",
"product_id": "openldap-servers-0:2.0.27-20.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.x86_64",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.x86_64",
"product_id": "nss_ldap-debuginfo-0:207-17.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.x86_64",
"product": {
"name": "nss_ldap-0:207-17.x86_64",
"product_id": "nss_ldap-0:207-17.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.src",
"product": {
"name": "openldap-0:2.0.27-20.src",
"product_id": "openldap-0:2.0.27-20.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=src"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.src",
"product": {
"name": "nss_ldap-0:207-17.src",
"product_id": "nss_ldap-0:207-17.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.ppc",
"product": {
"name": "openldap-devel-0:2.0.27-20.ppc",
"product_id": "openldap-devel-0:2.0.27-20.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.ppc",
"product": {
"name": "openldap-clients-0:2.0.27-20.ppc",
"product_id": "openldap-clients-0:2.0.27-20.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.ppc",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.ppc",
"product_id": "openldap-debuginfo-0:2.0.27-20.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.ppc",
"product": {
"name": "openldap-0:2.0.27-20.ppc",
"product_id": "openldap-0:2.0.27-20.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.ppc",
"product": {
"name": "openldap-servers-0:2.0.27-20.ppc",
"product_id": "openldap-servers-0:2.0.27-20.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.ppc",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.ppc",
"product_id": "nss_ldap-debuginfo-0:207-17.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.ppc",
"product": {
"name": "nss_ldap-0:207-17.ppc",
"product_id": "nss_ldap-0:207-17.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.ppc64",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.ppc64",
"product_id": "openldap-debuginfo-0:2.0.27-20.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.ppc64",
"product": {
"name": "openldap-0:2.0.27-20.ppc64",
"product_id": "openldap-0:2.0.27-20.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.ppc64",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.ppc64",
"product_id": "nss_ldap-debuginfo-0:207-17.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.ppc64",
"product": {
"name": "nss_ldap-0:207-17.ppc64",
"product_id": "nss_ldap-0:207-17.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.s390x",
"product": {
"name": "openldap-devel-0:2.0.27-20.s390x",
"product_id": "openldap-devel-0:2.0.27-20.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.s390x",
"product": {
"name": "openldap-clients-0:2.0.27-20.s390x",
"product_id": "openldap-clients-0:2.0.27-20.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.s390x",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.s390x",
"product_id": "openldap-debuginfo-0:2.0.27-20.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.s390x",
"product": {
"name": "openldap-0:2.0.27-20.s390x",
"product_id": "openldap-0:2.0.27-20.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.s390x",
"product": {
"name": "openldap-servers-0:2.0.27-20.s390x",
"product_id": "openldap-servers-0:2.0.27-20.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.s390x",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.s390x",
"product_id": "nss_ldap-debuginfo-0:207-17.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.s390x",
"product": {
"name": "nss_ldap-0:207-17.s390x",
"product_id": "nss_ldap-0:207-17.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openldap-debuginfo-0:2.0.27-20.s390",
"product": {
"name": "openldap-debuginfo-0:2.0.27-20.s390",
"product_id": "openldap-debuginfo-0:2.0.27-20.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-debuginfo@2.0.27-20?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openldap-0:2.0.27-20.s390",
"product": {
"name": "openldap-0:2.0.27-20.s390",
"product_id": "openldap-0:2.0.27-20.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap@2.0.27-20?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openldap-devel-0:2.0.27-20.s390",
"product": {
"name": "openldap-devel-0:2.0.27-20.s390",
"product_id": "openldap-devel-0:2.0.27-20.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-devel@2.0.27-20?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openldap-clients-0:2.0.27-20.s390",
"product": {
"name": "openldap-clients-0:2.0.27-20.s390",
"product_id": "openldap-clients-0:2.0.27-20.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-clients@2.0.27-20?arch=s390"
}
}
},
{
"category": "product_version",
"name": "openldap-servers-0:2.0.27-20.s390",
"product": {
"name": "openldap-servers-0:2.0.27-20.s390",
"product_id": "openldap-servers-0:2.0.27-20.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openldap-servers@2.0.27-20?arch=s390"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-debuginfo-0:207-17.s390",
"product": {
"name": "nss_ldap-debuginfo-0:207-17.s390",
"product_id": "nss_ldap-debuginfo-0:207-17.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap-debuginfo@207-17?arch=s390"
}
}
},
{
"category": "product_version",
"name": "nss_ldap-0:207-17.s390",
"product": {
"name": "nss_ldap-0:207-17.s390",
"product_id": "nss_ldap-0:207-17.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nss_ldap@207-17?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.i386"
},
"product_reference": "nss_ldap-0:207-17.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.ia64"
},
"product_reference": "nss_ldap-0:207-17.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.ppc"
},
"product_reference": "nss_ldap-0:207-17.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.ppc64"
},
"product_reference": "nss_ldap-0:207-17.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.s390"
},
"product_reference": "nss_ldap-0:207-17.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.s390x"
},
"product_reference": "nss_ldap-0:207-17.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.src"
},
"product_reference": "nss_ldap-0:207-17.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-0:207-17.x86_64"
},
"product_reference": "nss_ldap-0:207-17.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.i386"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.ia64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.ppc"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.ppc64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.s390"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.s390x"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:nss_ldap-debuginfo-0:207-17.x86_64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.i386"
},
"product_reference": "openldap-0:2.0.27-20.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.ia64"
},
"product_reference": "openldap-0:2.0.27-20.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.ppc"
},
"product_reference": "openldap-0:2.0.27-20.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.ppc64"
},
"product_reference": "openldap-0:2.0.27-20.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.s390"
},
"product_reference": "openldap-0:2.0.27-20.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.s390x"
},
"product_reference": "openldap-0:2.0.27-20.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.src"
},
"product_reference": "openldap-0:2.0.27-20.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.i386"
},
"product_reference": "openldap-clients-0:2.0.27-20.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.ia64"
},
"product_reference": "openldap-clients-0:2.0.27-20.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.ppc"
},
"product_reference": "openldap-clients-0:2.0.27-20.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.s390"
},
"product_reference": "openldap-clients-0:2.0.27-20.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.s390x"
},
"product_reference": "openldap-clients-0:2.0.27-20.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-clients-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-clients-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.i386"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.ia64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.ppc"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.ppc64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.ppc64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.ppc64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.s390"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.s390x"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-debuginfo-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.i386"
},
"product_reference": "openldap-devel-0:2.0.27-20.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.ia64"
},
"product_reference": "openldap-devel-0:2.0.27-20.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.ppc"
},
"product_reference": "openldap-devel-0:2.0.27-20.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.s390"
},
"product_reference": "openldap-devel-0:2.0.27-20.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.s390x"
},
"product_reference": "openldap-devel-0:2.0.27-20.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-devel-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-devel-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.i386"
},
"product_reference": "openldap-servers-0:2.0.27-20.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.ia64"
},
"product_reference": "openldap-servers-0:2.0.27-20.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.ppc"
},
"product_reference": "openldap-servers-0:2.0.27-20.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.s390"
},
"product_reference": "openldap-servers-0:2.0.27-20.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.s390x"
},
"product_reference": "openldap-servers-0:2.0.27-20.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:openldap-servers-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-servers-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:nss_ldap-0:207-17.i386"
},
"product_reference": "nss_ldap-0:207-17.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:nss_ldap-0:207-17.src"
},
"product_reference": "nss_ldap-0:207-17.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:nss_ldap-0:207-17.x86_64"
},
"product_reference": "nss_ldap-0:207-17.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:nss_ldap-debuginfo-0:207-17.i386"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:nss_ldap-debuginfo-0:207-17.x86_64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-0:2.0.27-20.i386"
},
"product_reference": "openldap-0:2.0.27-20.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-0:2.0.27-20.src"
},
"product_reference": "openldap-0:2.0.27-20.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-clients-0:2.0.27-20.i386"
},
"product_reference": "openldap-clients-0:2.0.27-20.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-clients-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-clients-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-debuginfo-0:2.0.27-20.i386"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-devel-0:2.0.27-20.i386"
},
"product_reference": "openldap-devel-0:2.0.27-20.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:openldap-devel-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-devel-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-0:207-17.i386"
},
"product_reference": "nss_ldap-0:207-17.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-0:207-17.ia64"
},
"product_reference": "nss_ldap-0:207-17.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-0:207-17.src"
},
"product_reference": "nss_ldap-0:207-17.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-0:207-17.x86_64"
},
"product_reference": "nss_ldap-0:207-17.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-debuginfo-0:207-17.i386"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-debuginfo-0:207-17.ia64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:nss_ldap-debuginfo-0:207-17.x86_64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-0:2.0.27-20.i386"
},
"product_reference": "openldap-0:2.0.27-20.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-0:2.0.27-20.ia64"
},
"product_reference": "openldap-0:2.0.27-20.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-0:2.0.27-20.src"
},
"product_reference": "openldap-0:2.0.27-20.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-clients-0:2.0.27-20.i386"
},
"product_reference": "openldap-clients-0:2.0.27-20.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-clients-0:2.0.27-20.ia64"
},
"product_reference": "openldap-clients-0:2.0.27-20.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-clients-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-clients-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-debuginfo-0:2.0.27-20.i386"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-debuginfo-0:2.0.27-20.ia64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-debuginfo-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-devel-0:2.0.27-20.i386"
},
"product_reference": "openldap-devel-0:2.0.27-20.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-devel-0:2.0.27-20.ia64"
},
"product_reference": "openldap-devel-0:2.0.27-20.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-devel-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-devel-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-servers-0:2.0.27-20.i386"
},
"product_reference": "openldap-servers-0:2.0.27-20.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-servers-0:2.0.27-20.ia64"
},
"product_reference": "openldap-servers-0:2.0.27-20.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-servers-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:openldap-servers-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-servers-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-0:207-17.i386"
},
"product_reference": "nss_ldap-0:207-17.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-0:207-17.ia64"
},
"product_reference": "nss_ldap-0:207-17.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-0:207-17.src"
},
"product_reference": "nss_ldap-0:207-17.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-0:207-17.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-0:207-17.x86_64"
},
"product_reference": "nss_ldap-0:207-17.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-debuginfo-0:207-17.i386"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-debuginfo-0:207-17.ia64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nss_ldap-debuginfo-0:207-17.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:nss_ldap-debuginfo-0:207-17.x86_64"
},
"product_reference": "nss_ldap-debuginfo-0:207-17.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-0:2.0.27-20.i386"
},
"product_reference": "openldap-0:2.0.27-20.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-0:2.0.27-20.ia64"
},
"product_reference": "openldap-0:2.0.27-20.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-0:2.0.27-20.src"
},
"product_reference": "openldap-0:2.0.27-20.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-clients-0:2.0.27-20.i386"
},
"product_reference": "openldap-clients-0:2.0.27-20.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-clients-0:2.0.27-20.ia64"
},
"product_reference": "openldap-clients-0:2.0.27-20.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-clients-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-clients-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-clients-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-debuginfo-0:2.0.27-20.i386"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-debuginfo-0:2.0.27-20.ia64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-debuginfo-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-debuginfo-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-debuginfo-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-devel-0:2.0.27-20.i386"
},
"product_reference": "openldap-devel-0:2.0.27-20.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-devel-0:2.0.27-20.ia64"
},
"product_reference": "openldap-devel-0:2.0.27-20.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openldap-devel-0:2.0.27-20.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:openldap-devel-0:2.0.27-20.x86_64"
},
"product_reference": "openldap-devel-0:2.0.27-20.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2004-0823",
"discovery_date": "2005-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617305"
}
],
"notes": [
{
"category": "description",
"text": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"3AS:nss_ldap-0:207-17.i386",
"3AS:nss_ldap-0:207-17.ia64",
"3AS:nss_ldap-0:207-17.ppc",
"3AS:nss_ldap-0:207-17.ppc64",
"3AS:nss_ldap-0:207-17.s390",
"3AS:nss_ldap-0:207-17.s390x",
"3AS:nss_ldap-0:207-17.src",
"3AS:nss_ldap-0:207-17.x86_64",
"3AS:nss_ldap-debuginfo-0:207-17.i386",
"3AS:nss_ldap-debuginfo-0:207-17.ia64",
"3AS:nss_ldap-debuginfo-0:207-17.ppc",
"3AS:nss_ldap-debuginfo-0:207-17.ppc64",
"3AS:nss_ldap-debuginfo-0:207-17.s390",
"3AS:nss_ldap-debuginfo-0:207-17.s390x",
"3AS:nss_ldap-debuginfo-0:207-17.x86_64",
"3AS:openldap-0:2.0.27-20.i386",
"3AS:openldap-0:2.0.27-20.ia64",
"3AS:openldap-0:2.0.27-20.ppc",
"3AS:openldap-0:2.0.27-20.ppc64",
"3AS:openldap-0:2.0.27-20.s390",
"3AS:openldap-0:2.0.27-20.s390x",
"3AS:openldap-0:2.0.27-20.src",
"3AS:openldap-0:2.0.27-20.x86_64",
"3AS:openldap-clients-0:2.0.27-20.i386",
"3AS:openldap-clients-0:2.0.27-20.ia64",
"3AS:openldap-clients-0:2.0.27-20.ppc",
"3AS:openldap-clients-0:2.0.27-20.s390",
"3AS:openldap-clients-0:2.0.27-20.s390x",
"3AS:openldap-clients-0:2.0.27-20.x86_64",
"3AS:openldap-debuginfo-0:2.0.27-20.i386",
"3AS:openldap-debuginfo-0:2.0.27-20.ia64",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc64",
"3AS:openldap-debuginfo-0:2.0.27-20.s390",
"3AS:openldap-debuginfo-0:2.0.27-20.s390x",
"3AS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3AS:openldap-devel-0:2.0.27-20.i386",
"3AS:openldap-devel-0:2.0.27-20.ia64",
"3AS:openldap-devel-0:2.0.27-20.ppc",
"3AS:openldap-devel-0:2.0.27-20.s390",
"3AS:openldap-devel-0:2.0.27-20.s390x",
"3AS:openldap-devel-0:2.0.27-20.x86_64",
"3AS:openldap-servers-0:2.0.27-20.i386",
"3AS:openldap-servers-0:2.0.27-20.ia64",
"3AS:openldap-servers-0:2.0.27-20.ppc",
"3AS:openldap-servers-0:2.0.27-20.s390",
"3AS:openldap-servers-0:2.0.27-20.s390x",
"3AS:openldap-servers-0:2.0.27-20.x86_64",
"3Desktop:nss_ldap-0:207-17.i386",
"3Desktop:nss_ldap-0:207-17.src",
"3Desktop:nss_ldap-0:207-17.x86_64",
"3Desktop:nss_ldap-debuginfo-0:207-17.i386",
"3Desktop:nss_ldap-debuginfo-0:207-17.x86_64",
"3Desktop:openldap-0:2.0.27-20.i386",
"3Desktop:openldap-0:2.0.27-20.src",
"3Desktop:openldap-0:2.0.27-20.x86_64",
"3Desktop:openldap-clients-0:2.0.27-20.i386",
"3Desktop:openldap-clients-0:2.0.27-20.x86_64",
"3Desktop:openldap-debuginfo-0:2.0.27-20.i386",
"3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64",
"3Desktop:openldap-devel-0:2.0.27-20.i386",
"3Desktop:openldap-devel-0:2.0.27-20.x86_64",
"3ES:nss_ldap-0:207-17.i386",
"3ES:nss_ldap-0:207-17.ia64",
"3ES:nss_ldap-0:207-17.src",
"3ES:nss_ldap-0:207-17.x86_64",
"3ES:nss_ldap-debuginfo-0:207-17.i386",
"3ES:nss_ldap-debuginfo-0:207-17.ia64",
"3ES:nss_ldap-debuginfo-0:207-17.x86_64",
"3ES:openldap-0:2.0.27-20.i386",
"3ES:openldap-0:2.0.27-20.ia64",
"3ES:openldap-0:2.0.27-20.src",
"3ES:openldap-0:2.0.27-20.x86_64",
"3ES:openldap-clients-0:2.0.27-20.i386",
"3ES:openldap-clients-0:2.0.27-20.ia64",
"3ES:openldap-clients-0:2.0.27-20.x86_64",
"3ES:openldap-debuginfo-0:2.0.27-20.i386",
"3ES:openldap-debuginfo-0:2.0.27-20.ia64",
"3ES:openldap-debuginfo-0:2.0.27-20.x86_64",
"3ES:openldap-devel-0:2.0.27-20.i386",
"3ES:openldap-devel-0:2.0.27-20.ia64",
"3ES:openldap-devel-0:2.0.27-20.x86_64",
"3ES:openldap-servers-0:2.0.27-20.i386",
"3ES:openldap-servers-0:2.0.27-20.ia64",
"3ES:openldap-servers-0:2.0.27-20.x86_64",
"3WS:nss_ldap-0:207-17.i386",
"3WS:nss_ldap-0:207-17.ia64",
"3WS:nss_ldap-0:207-17.src",
"3WS:nss_ldap-0:207-17.x86_64",
"3WS:nss_ldap-debuginfo-0:207-17.i386",
"3WS:nss_ldap-debuginfo-0:207-17.ia64",
"3WS:nss_ldap-debuginfo-0:207-17.x86_64",
"3WS:openldap-0:2.0.27-20.i386",
"3WS:openldap-0:2.0.27-20.ia64",
"3WS:openldap-0:2.0.27-20.src",
"3WS:openldap-0:2.0.27-20.x86_64",
"3WS:openldap-clients-0:2.0.27-20.i386",
"3WS:openldap-clients-0:2.0.27-20.ia64",
"3WS:openldap-clients-0:2.0.27-20.x86_64",
"3WS:openldap-debuginfo-0:2.0.27-20.i386",
"3WS:openldap-debuginfo-0:2.0.27-20.ia64",
"3WS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3WS:openldap-devel-0:2.0.27-20.i386",
"3WS:openldap-devel-0:2.0.27-20.ia64",
"3WS:openldap-devel-0:2.0.27-20.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2004-0823"
},
{
"category": "external",
"summary": "RHBZ#1617305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2004-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2004-0823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0823"
}
],
"release_date": "2004-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-10-17T07:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:nss_ldap-0:207-17.i386",
"3AS:nss_ldap-0:207-17.ia64",
"3AS:nss_ldap-0:207-17.ppc",
"3AS:nss_ldap-0:207-17.ppc64",
"3AS:nss_ldap-0:207-17.s390",
"3AS:nss_ldap-0:207-17.s390x",
"3AS:nss_ldap-0:207-17.src",
"3AS:nss_ldap-0:207-17.x86_64",
"3AS:nss_ldap-debuginfo-0:207-17.i386",
"3AS:nss_ldap-debuginfo-0:207-17.ia64",
"3AS:nss_ldap-debuginfo-0:207-17.ppc",
"3AS:nss_ldap-debuginfo-0:207-17.ppc64",
"3AS:nss_ldap-debuginfo-0:207-17.s390",
"3AS:nss_ldap-debuginfo-0:207-17.s390x",
"3AS:nss_ldap-debuginfo-0:207-17.x86_64",
"3AS:openldap-0:2.0.27-20.i386",
"3AS:openldap-0:2.0.27-20.ia64",
"3AS:openldap-0:2.0.27-20.ppc",
"3AS:openldap-0:2.0.27-20.ppc64",
"3AS:openldap-0:2.0.27-20.s390",
"3AS:openldap-0:2.0.27-20.s390x",
"3AS:openldap-0:2.0.27-20.src",
"3AS:openldap-0:2.0.27-20.x86_64",
"3AS:openldap-clients-0:2.0.27-20.i386",
"3AS:openldap-clients-0:2.0.27-20.ia64",
"3AS:openldap-clients-0:2.0.27-20.ppc",
"3AS:openldap-clients-0:2.0.27-20.s390",
"3AS:openldap-clients-0:2.0.27-20.s390x",
"3AS:openldap-clients-0:2.0.27-20.x86_64",
"3AS:openldap-debuginfo-0:2.0.27-20.i386",
"3AS:openldap-debuginfo-0:2.0.27-20.ia64",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc64",
"3AS:openldap-debuginfo-0:2.0.27-20.s390",
"3AS:openldap-debuginfo-0:2.0.27-20.s390x",
"3AS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3AS:openldap-devel-0:2.0.27-20.i386",
"3AS:openldap-devel-0:2.0.27-20.ia64",
"3AS:openldap-devel-0:2.0.27-20.ppc",
"3AS:openldap-devel-0:2.0.27-20.s390",
"3AS:openldap-devel-0:2.0.27-20.s390x",
"3AS:openldap-devel-0:2.0.27-20.x86_64",
"3AS:openldap-servers-0:2.0.27-20.i386",
"3AS:openldap-servers-0:2.0.27-20.ia64",
"3AS:openldap-servers-0:2.0.27-20.ppc",
"3AS:openldap-servers-0:2.0.27-20.s390",
"3AS:openldap-servers-0:2.0.27-20.s390x",
"3AS:openldap-servers-0:2.0.27-20.x86_64",
"3Desktop:nss_ldap-0:207-17.i386",
"3Desktop:nss_ldap-0:207-17.src",
"3Desktop:nss_ldap-0:207-17.x86_64",
"3Desktop:nss_ldap-debuginfo-0:207-17.i386",
"3Desktop:nss_ldap-debuginfo-0:207-17.x86_64",
"3Desktop:openldap-0:2.0.27-20.i386",
"3Desktop:openldap-0:2.0.27-20.src",
"3Desktop:openldap-0:2.0.27-20.x86_64",
"3Desktop:openldap-clients-0:2.0.27-20.i386",
"3Desktop:openldap-clients-0:2.0.27-20.x86_64",
"3Desktop:openldap-debuginfo-0:2.0.27-20.i386",
"3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64",
"3Desktop:openldap-devel-0:2.0.27-20.i386",
"3Desktop:openldap-devel-0:2.0.27-20.x86_64",
"3ES:nss_ldap-0:207-17.i386",
"3ES:nss_ldap-0:207-17.ia64",
"3ES:nss_ldap-0:207-17.src",
"3ES:nss_ldap-0:207-17.x86_64",
"3ES:nss_ldap-debuginfo-0:207-17.i386",
"3ES:nss_ldap-debuginfo-0:207-17.ia64",
"3ES:nss_ldap-debuginfo-0:207-17.x86_64",
"3ES:openldap-0:2.0.27-20.i386",
"3ES:openldap-0:2.0.27-20.ia64",
"3ES:openldap-0:2.0.27-20.src",
"3ES:openldap-0:2.0.27-20.x86_64",
"3ES:openldap-clients-0:2.0.27-20.i386",
"3ES:openldap-clients-0:2.0.27-20.ia64",
"3ES:openldap-clients-0:2.0.27-20.x86_64",
"3ES:openldap-debuginfo-0:2.0.27-20.i386",
"3ES:openldap-debuginfo-0:2.0.27-20.ia64",
"3ES:openldap-debuginfo-0:2.0.27-20.x86_64",
"3ES:openldap-devel-0:2.0.27-20.i386",
"3ES:openldap-devel-0:2.0.27-20.ia64",
"3ES:openldap-devel-0:2.0.27-20.x86_64",
"3ES:openldap-servers-0:2.0.27-20.i386",
"3ES:openldap-servers-0:2.0.27-20.ia64",
"3ES:openldap-servers-0:2.0.27-20.x86_64",
"3WS:nss_ldap-0:207-17.i386",
"3WS:nss_ldap-0:207-17.ia64",
"3WS:nss_ldap-0:207-17.src",
"3WS:nss_ldap-0:207-17.x86_64",
"3WS:nss_ldap-debuginfo-0:207-17.i386",
"3WS:nss_ldap-debuginfo-0:207-17.ia64",
"3WS:nss_ldap-debuginfo-0:207-17.x86_64",
"3WS:openldap-0:2.0.27-20.i386",
"3WS:openldap-0:2.0.27-20.ia64",
"3WS:openldap-0:2.0.27-20.src",
"3WS:openldap-0:2.0.27-20.x86_64",
"3WS:openldap-clients-0:2.0.27-20.i386",
"3WS:openldap-clients-0:2.0.27-20.ia64",
"3WS:openldap-clients-0:2.0.27-20.x86_64",
"3WS:openldap-debuginfo-0:2.0.27-20.i386",
"3WS:openldap-debuginfo-0:2.0.27-20.ia64",
"3WS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3WS:openldap-devel-0:2.0.27-20.i386",
"3WS:openldap-devel-0:2.0.27-20.ia64",
"3WS:openldap-devel-0:2.0.27-20.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:751"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-2069",
"discovery_date": "2005-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617681"
}
],
"notes": [
{
"category": "description",
"text": "pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:nss_ldap-0:207-17.i386",
"3AS:nss_ldap-0:207-17.ia64",
"3AS:nss_ldap-0:207-17.ppc",
"3AS:nss_ldap-0:207-17.ppc64",
"3AS:nss_ldap-0:207-17.s390",
"3AS:nss_ldap-0:207-17.s390x",
"3AS:nss_ldap-0:207-17.src",
"3AS:nss_ldap-0:207-17.x86_64",
"3AS:nss_ldap-debuginfo-0:207-17.i386",
"3AS:nss_ldap-debuginfo-0:207-17.ia64",
"3AS:nss_ldap-debuginfo-0:207-17.ppc",
"3AS:nss_ldap-debuginfo-0:207-17.ppc64",
"3AS:nss_ldap-debuginfo-0:207-17.s390",
"3AS:nss_ldap-debuginfo-0:207-17.s390x",
"3AS:nss_ldap-debuginfo-0:207-17.x86_64",
"3AS:openldap-0:2.0.27-20.i386",
"3AS:openldap-0:2.0.27-20.ia64",
"3AS:openldap-0:2.0.27-20.ppc",
"3AS:openldap-0:2.0.27-20.ppc64",
"3AS:openldap-0:2.0.27-20.s390",
"3AS:openldap-0:2.0.27-20.s390x",
"3AS:openldap-0:2.0.27-20.src",
"3AS:openldap-0:2.0.27-20.x86_64",
"3AS:openldap-clients-0:2.0.27-20.i386",
"3AS:openldap-clients-0:2.0.27-20.ia64",
"3AS:openldap-clients-0:2.0.27-20.ppc",
"3AS:openldap-clients-0:2.0.27-20.s390",
"3AS:openldap-clients-0:2.0.27-20.s390x",
"3AS:openldap-clients-0:2.0.27-20.x86_64",
"3AS:openldap-debuginfo-0:2.0.27-20.i386",
"3AS:openldap-debuginfo-0:2.0.27-20.ia64",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc64",
"3AS:openldap-debuginfo-0:2.0.27-20.s390",
"3AS:openldap-debuginfo-0:2.0.27-20.s390x",
"3AS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3AS:openldap-devel-0:2.0.27-20.i386",
"3AS:openldap-devel-0:2.0.27-20.ia64",
"3AS:openldap-devel-0:2.0.27-20.ppc",
"3AS:openldap-devel-0:2.0.27-20.s390",
"3AS:openldap-devel-0:2.0.27-20.s390x",
"3AS:openldap-devel-0:2.0.27-20.x86_64",
"3AS:openldap-servers-0:2.0.27-20.i386",
"3AS:openldap-servers-0:2.0.27-20.ia64",
"3AS:openldap-servers-0:2.0.27-20.ppc",
"3AS:openldap-servers-0:2.0.27-20.s390",
"3AS:openldap-servers-0:2.0.27-20.s390x",
"3AS:openldap-servers-0:2.0.27-20.x86_64",
"3Desktop:nss_ldap-0:207-17.i386",
"3Desktop:nss_ldap-0:207-17.src",
"3Desktop:nss_ldap-0:207-17.x86_64",
"3Desktop:nss_ldap-debuginfo-0:207-17.i386",
"3Desktop:nss_ldap-debuginfo-0:207-17.x86_64",
"3Desktop:openldap-0:2.0.27-20.i386",
"3Desktop:openldap-0:2.0.27-20.src",
"3Desktop:openldap-0:2.0.27-20.x86_64",
"3Desktop:openldap-clients-0:2.0.27-20.i386",
"3Desktop:openldap-clients-0:2.0.27-20.x86_64",
"3Desktop:openldap-debuginfo-0:2.0.27-20.i386",
"3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64",
"3Desktop:openldap-devel-0:2.0.27-20.i386",
"3Desktop:openldap-devel-0:2.0.27-20.x86_64",
"3ES:nss_ldap-0:207-17.i386",
"3ES:nss_ldap-0:207-17.ia64",
"3ES:nss_ldap-0:207-17.src",
"3ES:nss_ldap-0:207-17.x86_64",
"3ES:nss_ldap-debuginfo-0:207-17.i386",
"3ES:nss_ldap-debuginfo-0:207-17.ia64",
"3ES:nss_ldap-debuginfo-0:207-17.x86_64",
"3ES:openldap-0:2.0.27-20.i386",
"3ES:openldap-0:2.0.27-20.ia64",
"3ES:openldap-0:2.0.27-20.src",
"3ES:openldap-0:2.0.27-20.x86_64",
"3ES:openldap-clients-0:2.0.27-20.i386",
"3ES:openldap-clients-0:2.0.27-20.ia64",
"3ES:openldap-clients-0:2.0.27-20.x86_64",
"3ES:openldap-debuginfo-0:2.0.27-20.i386",
"3ES:openldap-debuginfo-0:2.0.27-20.ia64",
"3ES:openldap-debuginfo-0:2.0.27-20.x86_64",
"3ES:openldap-devel-0:2.0.27-20.i386",
"3ES:openldap-devel-0:2.0.27-20.ia64",
"3ES:openldap-devel-0:2.0.27-20.x86_64",
"3ES:openldap-servers-0:2.0.27-20.i386",
"3ES:openldap-servers-0:2.0.27-20.ia64",
"3ES:openldap-servers-0:2.0.27-20.x86_64",
"3WS:nss_ldap-0:207-17.i386",
"3WS:nss_ldap-0:207-17.ia64",
"3WS:nss_ldap-0:207-17.src",
"3WS:nss_ldap-0:207-17.x86_64",
"3WS:nss_ldap-debuginfo-0:207-17.i386",
"3WS:nss_ldap-debuginfo-0:207-17.ia64",
"3WS:nss_ldap-debuginfo-0:207-17.x86_64",
"3WS:openldap-0:2.0.27-20.i386",
"3WS:openldap-0:2.0.27-20.ia64",
"3WS:openldap-0:2.0.27-20.src",
"3WS:openldap-0:2.0.27-20.x86_64",
"3WS:openldap-clients-0:2.0.27-20.i386",
"3WS:openldap-clients-0:2.0.27-20.ia64",
"3WS:openldap-clients-0:2.0.27-20.x86_64",
"3WS:openldap-debuginfo-0:2.0.27-20.i386",
"3WS:openldap-debuginfo-0:2.0.27-20.ia64",
"3WS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3WS:openldap-devel-0:2.0.27-20.i386",
"3WS:openldap-devel-0:2.0.27-20.ia64",
"3WS:openldap-devel-0:2.0.27-20.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2069"
},
{
"category": "external",
"summary": "RHBZ#1617681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2069",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2069"
}
],
"release_date": "2005-06-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2005-10-17T07:38:00+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network. To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
"product_ids": [
"3AS:nss_ldap-0:207-17.i386",
"3AS:nss_ldap-0:207-17.ia64",
"3AS:nss_ldap-0:207-17.ppc",
"3AS:nss_ldap-0:207-17.ppc64",
"3AS:nss_ldap-0:207-17.s390",
"3AS:nss_ldap-0:207-17.s390x",
"3AS:nss_ldap-0:207-17.src",
"3AS:nss_ldap-0:207-17.x86_64",
"3AS:nss_ldap-debuginfo-0:207-17.i386",
"3AS:nss_ldap-debuginfo-0:207-17.ia64",
"3AS:nss_ldap-debuginfo-0:207-17.ppc",
"3AS:nss_ldap-debuginfo-0:207-17.ppc64",
"3AS:nss_ldap-debuginfo-0:207-17.s390",
"3AS:nss_ldap-debuginfo-0:207-17.s390x",
"3AS:nss_ldap-debuginfo-0:207-17.x86_64",
"3AS:openldap-0:2.0.27-20.i386",
"3AS:openldap-0:2.0.27-20.ia64",
"3AS:openldap-0:2.0.27-20.ppc",
"3AS:openldap-0:2.0.27-20.ppc64",
"3AS:openldap-0:2.0.27-20.s390",
"3AS:openldap-0:2.0.27-20.s390x",
"3AS:openldap-0:2.0.27-20.src",
"3AS:openldap-0:2.0.27-20.x86_64",
"3AS:openldap-clients-0:2.0.27-20.i386",
"3AS:openldap-clients-0:2.0.27-20.ia64",
"3AS:openldap-clients-0:2.0.27-20.ppc",
"3AS:openldap-clients-0:2.0.27-20.s390",
"3AS:openldap-clients-0:2.0.27-20.s390x",
"3AS:openldap-clients-0:2.0.27-20.x86_64",
"3AS:openldap-debuginfo-0:2.0.27-20.i386",
"3AS:openldap-debuginfo-0:2.0.27-20.ia64",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc",
"3AS:openldap-debuginfo-0:2.0.27-20.ppc64",
"3AS:openldap-debuginfo-0:2.0.27-20.s390",
"3AS:openldap-debuginfo-0:2.0.27-20.s390x",
"3AS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3AS:openldap-devel-0:2.0.27-20.i386",
"3AS:openldap-devel-0:2.0.27-20.ia64",
"3AS:openldap-devel-0:2.0.27-20.ppc",
"3AS:openldap-devel-0:2.0.27-20.s390",
"3AS:openldap-devel-0:2.0.27-20.s390x",
"3AS:openldap-devel-0:2.0.27-20.x86_64",
"3AS:openldap-servers-0:2.0.27-20.i386",
"3AS:openldap-servers-0:2.0.27-20.ia64",
"3AS:openldap-servers-0:2.0.27-20.ppc",
"3AS:openldap-servers-0:2.0.27-20.s390",
"3AS:openldap-servers-0:2.0.27-20.s390x",
"3AS:openldap-servers-0:2.0.27-20.x86_64",
"3Desktop:nss_ldap-0:207-17.i386",
"3Desktop:nss_ldap-0:207-17.src",
"3Desktop:nss_ldap-0:207-17.x86_64",
"3Desktop:nss_ldap-debuginfo-0:207-17.i386",
"3Desktop:nss_ldap-debuginfo-0:207-17.x86_64",
"3Desktop:openldap-0:2.0.27-20.i386",
"3Desktop:openldap-0:2.0.27-20.src",
"3Desktop:openldap-0:2.0.27-20.x86_64",
"3Desktop:openldap-clients-0:2.0.27-20.i386",
"3Desktop:openldap-clients-0:2.0.27-20.x86_64",
"3Desktop:openldap-debuginfo-0:2.0.27-20.i386",
"3Desktop:openldap-debuginfo-0:2.0.27-20.x86_64",
"3Desktop:openldap-devel-0:2.0.27-20.i386",
"3Desktop:openldap-devel-0:2.0.27-20.x86_64",
"3ES:nss_ldap-0:207-17.i386",
"3ES:nss_ldap-0:207-17.ia64",
"3ES:nss_ldap-0:207-17.src",
"3ES:nss_ldap-0:207-17.x86_64",
"3ES:nss_ldap-debuginfo-0:207-17.i386",
"3ES:nss_ldap-debuginfo-0:207-17.ia64",
"3ES:nss_ldap-debuginfo-0:207-17.x86_64",
"3ES:openldap-0:2.0.27-20.i386",
"3ES:openldap-0:2.0.27-20.ia64",
"3ES:openldap-0:2.0.27-20.src",
"3ES:openldap-0:2.0.27-20.x86_64",
"3ES:openldap-clients-0:2.0.27-20.i386",
"3ES:openldap-clients-0:2.0.27-20.ia64",
"3ES:openldap-clients-0:2.0.27-20.x86_64",
"3ES:openldap-debuginfo-0:2.0.27-20.i386",
"3ES:openldap-debuginfo-0:2.0.27-20.ia64",
"3ES:openldap-debuginfo-0:2.0.27-20.x86_64",
"3ES:openldap-devel-0:2.0.27-20.i386",
"3ES:openldap-devel-0:2.0.27-20.ia64",
"3ES:openldap-devel-0:2.0.27-20.x86_64",
"3ES:openldap-servers-0:2.0.27-20.i386",
"3ES:openldap-servers-0:2.0.27-20.ia64",
"3ES:openldap-servers-0:2.0.27-20.x86_64",
"3WS:nss_ldap-0:207-17.i386",
"3WS:nss_ldap-0:207-17.ia64",
"3WS:nss_ldap-0:207-17.src",
"3WS:nss_ldap-0:207-17.x86_64",
"3WS:nss_ldap-debuginfo-0:207-17.i386",
"3WS:nss_ldap-debuginfo-0:207-17.ia64",
"3WS:nss_ldap-debuginfo-0:207-17.x86_64",
"3WS:openldap-0:2.0.27-20.i386",
"3WS:openldap-0:2.0.27-20.ia64",
"3WS:openldap-0:2.0.27-20.src",
"3WS:openldap-0:2.0.27-20.x86_64",
"3WS:openldap-clients-0:2.0.27-20.i386",
"3WS:openldap-clients-0:2.0.27-20.ia64",
"3WS:openldap-clients-0:2.0.27-20.x86_64",
"3WS:openldap-debuginfo-0:2.0.27-20.i386",
"3WS:openldap-debuginfo-0:2.0.27-20.ia64",
"3WS:openldap-debuginfo-0:2.0.27-20.x86_64",
"3WS:openldap-devel-0:2.0.27-20.i386",
"3WS:openldap-devel-0:2.0.27-20.ia64",
"3WS:openldap-devel-0:2.0.27-20.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2005:751"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "security flaw"
}
]
}
VAR-200409-0015
Vulnerability from variot - Updated: 2025-04-03 20:39OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. OpenLDAP In using a specific authentication scheme userPassword There is a flaw that prevents password authentication if the password value is obtained because the value stored in is not processed as plain text.Password authentication may be avoided. In certain undisclosed cases, OpenLDAP is reported prone to an ambiguous-password-attribute weakness. If an attacker can retrieve a password hash as contained in the OpenLDAP database, they may then be able to directly authenticate to the LDAP database. The attacker may gain unauthorized access if they can sniff password hashes from the network or if they can retrieve the contents of the 'userPassword' attribute from a database backup or through weak permissions on the database. The OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and 10.3.5, is reported affected. Versions of OpenLDAP included in other operating systems may also be affected. There is a problem in OpenLDAP's verification of CRYPT passwords. Remote attackers can use this vulnerability to log in using other users' CRYPT values as passwords. An attacker can log in with the target user's authority by using the CRYPT value of the target user's password. Apple reports that CRYPT passwords can be specified as a clear text password as userPassword. According to reports, some authentication mechanisms can use CRYPT values as plaintext passwords.
TITLE: Red Hat update for openldap / nss_ldap
SECUNIA ADVISORY ID: SA17233
VERIFY ADVISORY: http://secunia.com/advisories/17233/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From remote
OPERATING SYSTEM: RedHat Linux Advanced Workstation 2.1 for Itanium http://secunia.com/product/1326/ RedHat Enterprise Linux WS 4 http://secunia.com/product/4670/ RedHat Enterprise Linux WS 3 http://secunia.com/product/2536/ RedHat Enterprise Linux WS 2.1 http://secunia.com/product/1044/ RedHat Enterprise Linux ES 4 http://secunia.com/product/4668/ RedHat Enterprise Linux ES 3 http://secunia.com/product/2535/ RedHat Enterprise Linux ES 2.1 http://secunia.com/product/1306/ RedHat Enterprise Linux AS 4 http://secunia.com/product/4669/ RedHat Enterprise Linux AS 3 http://secunia.com/product/2534/ RedHat Enterprise Linux AS 2.1 http://secunia.com/product/48/
DESCRIPTION: Red Hat has issued updates for openldap / nss_ldap. This fixes two security issues and a vulnerability, which can be exploit by malicious people to gain knowledge of sensitive information or bypass certain security restrictions.
For more information: SA15906 SA16518 SA12491
SOLUTION: Updated packages are available from Red Hat Network. http://rhn.redhat.com/
ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2005-767.html http://rhn.redhat.com/errata/RHSA-2005-751.html
OTHER REFERENCES: SA15906: http://secunia.com/advisories/15906/
SA16518: http://secunia.com/advisories/16518/
SA12491: http://secunia.com/advisories/12491/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200409-0015",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.2.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.2.8"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.19"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.18"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.17"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.16"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.15"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.14"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.13"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.12"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.11"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.10"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.1.4"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.27"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.25"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.23"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.22"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.21"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.20"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.19"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.18"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.17"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.16"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.15"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.14"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.13"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.12"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.11"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.10"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.9"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.8"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.7"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.6"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.5"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.4"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.3"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.2"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0.1"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "2.0"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.13"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.12"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.11"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.10"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.9"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.8"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.7"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.6"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.5"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.4"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.3"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.2"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2.1"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.2"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.1.4"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.1.3"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.1.2"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.1.1"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.1"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.0.3"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.0.2"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.0.1"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.3,
"vendor": "openldap",
"version": "1.0"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.0,
"vendor": "openldap",
"version": "2.0.11_11"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.0,
"vendor": "openldap",
"version": "2.0.11_11s"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.0,
"vendor": "openldap",
"version": "2.0.11_9"
},
{
"model": "openldap",
"scope": "eq",
"trust": 1.0,
"vendor": "openldap",
"version": "2.1_.20"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "openldap",
"scope": "eq",
"trust": 0.3,
"vendor": "openldap",
"version": "2.1.20"
},
{
"model": "openldap",
"scope": "eq",
"trust": 0.3,
"vendor": "openldap",
"version": "2.0.11-9"
},
{
"model": "-11s",
"scope": "eq",
"trust": 0.3,
"vendor": "openldap",
"version": "2.0.11"
},
{
"model": "openldap",
"scope": "eq",
"trust": 0.3,
"vendor": "openldap",
"version": "2.0.11-11"
},
{
"model": "s8710 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8710 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8700 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8500 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8300 r2.0.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.2.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "BID",
"id": "11137"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-9253",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0823",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#914870",
"trust": 0.8,
"value": "1.73"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#545446",
"trust": 0.8,
"value": "9.62"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#704110",
"trust": 0.8,
"value": "5.91"
},
{
"author": "NVD",
"id": "CVE-2004-0823",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200409-014",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-9253",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "VULHUB",
"id": "VHN-9253"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. There is a vulnerability in the Apple QuickTime Streaming Server that could allow a remote attacker to cause a denial-of-service condition. There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. OpenLDAP In using a specific authentication scheme userPassword There is a flaw that prevents password authentication if the password value is obtained because the value stored in is not processed as plain text.Password authentication may be avoided. In certain undisclosed cases, OpenLDAP is reported prone to an ambiguous-password-attribute weakness. \nIf an attacker can retrieve a password hash as contained in the OpenLDAP database, they may then be able to directly authenticate to the LDAP database. The attacker may gain unauthorized access if they can sniff password hashes from the network or if they can retrieve the contents of the \u0027userPassword\u0027 attribute from a database backup or through weak permissions on the database. \nThe OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and 10.3.5, is reported affected. Versions of OpenLDAP included in other operating systems may also be affected. There is a problem in OpenLDAP\u0027s verification of CRYPT passwords. Remote attackers can use this vulnerability to log in using other users\u0027 CRYPT values \u200b\u200bas passwords. An attacker can log in with the target user\u0027s authority by using the CRYPT value of the target user\u0027s password. Apple reports that CRYPT passwords can be specified as a clear text password as userPassword. According to reports, some authentication mechanisms can use CRYPT values \u200b\u200bas plaintext passwords. \n\nTITLE:\nRed Hat update for openldap / nss_ldap\n\nSECUNIA ADVISORY ID:\nSA17233\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17233/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nRedHat Linux Advanced Workstation 2.1 for Itanium\nhttp://secunia.com/product/1326/\nRedHat Enterprise Linux WS 4\nhttp://secunia.com/product/4670/\nRedHat Enterprise Linux WS 3\nhttp://secunia.com/product/2536/\nRedHat Enterprise Linux WS 2.1\nhttp://secunia.com/product/1044/\nRedHat Enterprise Linux ES 4\nhttp://secunia.com/product/4668/\nRedHat Enterprise Linux ES 3\nhttp://secunia.com/product/2535/\nRedHat Enterprise Linux ES 2.1\nhttp://secunia.com/product/1306/\nRedHat Enterprise Linux AS 4\nhttp://secunia.com/product/4669/\nRedHat Enterprise Linux AS 3\nhttp://secunia.com/product/2534/\nRedHat Enterprise Linux AS 2.1\nhttp://secunia.com/product/48/\n\nDESCRIPTION:\nRed Hat has issued updates for openldap / nss_ldap. This fixes two\nsecurity issues and a vulnerability, which can be exploit by\nmalicious people to gain knowledge of sensitive information or bypass\ncertain security restrictions. \n\nFor more information:\nSA15906\nSA16518\nSA12491\n\nSOLUTION:\nUpdated packages are available from Red Hat Network. \nhttp://rhn.redhat.com/\n\nORIGINAL ADVISORY:\nhttp://rhn.redhat.com/errata/RHSA-2005-767.html\nhttp://rhn.redhat.com/errata/RHSA-2005-751.html\n\nOTHER REFERENCES:\nSA15906:\nhttp://secunia.com/advisories/15906/\n\nSA16518:\nhttp://secunia.com/advisories/16518/\n\nSA12491:\nhttp://secunia.com/advisories/12491/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0823"
},
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "BID",
"id": "11137"
},
{
"db": "VULHUB",
"id": "VHN-9253"
},
{
"db": "PACKETSTORM",
"id": "40749"
}
],
"trust": 4.23
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "12491",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2004-0823",
"trust": 2.8
},
{
"db": "BID",
"id": "11137",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "17233",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "21520",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2004.0559",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1011174",
"trust": 1.6
},
{
"db": "BID",
"id": "11138",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1011176",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#914870",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#545446",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#704110",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2004-09-07",
"trust": 0.6
},
{
"db": "XF",
"id": "17300",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2005:751",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:10703",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9253",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40749",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "VULHUB",
"id": "VHN-9253"
},
{
"db": "BID",
"id": "11137"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "PACKETSTORM",
"id": "40749"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"id": "VAR-200409-0015",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9253"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T20:39:14.361000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2005:751",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2005-751.html"
},
{
"title": "RHSA-2005:751",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2005-751J.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.2,
"url": "http://secunia.com/advisories/12491/"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/11137"
},
{
"trust": 2.4,
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2006-157.htm"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/advisories/7148"
},
{
"trust": 1.7,
"url": "http://www.auscert.org.au/render.html?it=4363"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2005-751.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17233"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21520"
},
{
"trust": 1.6,
"url": "http://developer.apple.com/documentation/macosx/conceptual/systemoverview/systemarchitecture/chapter_3_section_7.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/alerts/2004/sep/1011174.html"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10703"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17300"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/alerts/2004/sep/1011176.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/11138"
},
{
"trust": 0.8,
"url": "http://developer.apple.com/documentation/corefoundation/reference/cfpluginref/reference/introduction.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0823"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0823"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17300"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:10703"
},
{
"trust": 0.3,
"url": "http://www.openldap.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17233/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2536/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2535/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/48/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/15906/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4669/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2005-751.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/16518/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4668/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2005-767.html"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1326/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1306/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4670/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2534/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1044/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "VULHUB",
"id": "VHN-9253"
},
{
"db": "BID",
"id": "11137"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "PACKETSTORM",
"id": "40749"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#914870"
},
{
"db": "CERT/CC",
"id": "VU#545446"
},
{
"db": "CERT/CC",
"id": "VU#704110"
},
{
"db": "VULHUB",
"id": "VHN-9253"
},
{
"db": "BID",
"id": "11137"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"db": "PACKETSTORM",
"id": "40749"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#914870"
},
{
"date": "2004-09-09T00:00:00",
"db": "CERT/CC",
"id": "VU#545446"
},
{
"date": "2004-09-09T00:00:00",
"db": "CERT/CC",
"id": "VU#704110"
},
{
"date": "2004-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-9253"
},
{
"date": "2004-09-07T00:00:00",
"db": "BID",
"id": "11137"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"date": "2005-10-18T22:10:31",
"db": "PACKETSTORM",
"id": "40749"
},
{
"date": "2004-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"date": "2004-09-07T04:00:00",
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-15T00:00:00",
"db": "CERT/CC",
"id": "VU#914870"
},
{
"date": "2004-09-29T00:00:00",
"db": "CERT/CC",
"id": "VU#545446"
},
{
"date": "2004-09-09T00:00:00",
"db": "CERT/CC",
"id": "VU#704110"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9253"
},
{
"date": "2006-08-16T21:45:00",
"db": "BID",
"id": "11137"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000366"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-014"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple QuickTime Streaming Server vulnerable to DoS",
"sources": [
{
"db": "CERT/CC",
"id": "VU#914870"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11137"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-014"
}
],
"trust": 0.9
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…