CVE-2005-2069
EPSS 2.8%libpam-ldap - authentication bypass
發布日:2005/6/30修改日:2026/4/28
描述
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
受影響套件(3)
- Debian/libnss-ldapfrom 0, < 238-1.1
- Debian/libpam-ldapfrom 0, < 178-1sarge1
- Debian/libpam-ldapfrom 0, < 178-1sarge1