CVE-2005-2069
EPSS 2.8%libpam-ldap - authentication bypass
Published: 6/30/2005Modified: 4/28/2026
Also known as:DEBIAN-CVE-2005-2069
Description
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Affected packages (3)
- Debian/libnss-ldapfrom 0, < 238-1.1
- Debian/libpam-ldapfrom 0, < 178-1sarge1
- Debian/libpam-ldapfrom 0, < 178-1sarge1