Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0823

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0823
Last Modified 21 Aug 2010 12:21:20
Published 07 Sep 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0823

Summary

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.

Vulnerable Systems

Operating System

  • Apple Mac Os X 10.2.8

  • Apple Mac Os X 10.3.4

  • Apple Mac Os X 10.3.5

  • Apple Mac Os X Server 10.2.8

  • Apple Mac Os X Server 10.3.4

  • Apple Mac Os X Server 10.3.5

Application

  • Openldap 1.0

  • Openldap 1.0.1

  • Openldap 1.0.2

  • Openldap 1.0.3

  • Openldap 1.1

  • Openldap 1.1.1

  • Openldap 1.1.2

  • Openldap 1.1.3

  • Openldap 1.1.4

  • Openldap 1.2

  • Openldap 1.2.1

  • Openldap 1.2.10

  • Openldap 1.2.11

  • Openldap 1.2.12

  • Openldap 1.2.13

  • Openldap 1.2.2

  • Openldap 1.2.3

  • Openldap 1.2.4

  • Openldap 1.2.5

  • Openldap 1.2.6

  • Openldap 1.2.7

  • Openldap 1.2.8

  • Openldap 1.2.9

  • Openldap 2.0

  • Openldap 2.0.1

  • Openldap 2.0.10

  • Openldap 2.0.11

  • Openldap 2.0.11 11

  • Openldap 2.0.11 11s

  • Openldap 2.0.11 9

  • Openldap 2.0.12

  • Openldap 2.0.13

  • Openldap 2.0.14

  • Openldap 2.0.15

  • Openldap 2.0.16

  • Openldap 2.0.17

  • Openldap 2.0.18

  • Openldap 2.0.19

  • Openldap 2.0.2

  • Openldap 2.0.20

  • Openldap 2.0.21

  • Openldap 2.0.22

  • Openldap 2.0.23

  • Openldap 2.0.25

  • Openldap 2.0.27

  • Openldap 2.0.3

  • Openldap 2.0.4

  • Openldap 2.0.5

  • Openldap 2.0.6

  • Openldap 2.0.7

  • Openldap 2.0.8

  • Openldap 2.0.9

  • Openldap 2.1 .20

  • Openldap 2.1.10

  • Openldap 2.1.11

  • Openldap 2.1.12

  • Openldap 2.1.13

  • Openldap 2.1.14

  • Openldap 2.1.15

  • Openldap 2.1.16

  • Openldap 2.1.17

  • Openldap 2.1.18

  • Openldap 2.1.19

  • Openldap 2.1.4


References

XF - openldap-crypt-gain-access(17300)

BID - 11137

APPLE - APPLE-SA-2004-09-07

AUSCERT - ESB-2004.0559

SECUNIA - 12491

REDHAT - RHSA-2005:751

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm

SECUNIA - 21520

SECUNIA - 17233


Last Updated: 27 May 2016 10:38:46