OpenLDAP Ambiguous Password Attribute Weakness

In certain undisclosed cases, OpenLDAP is reported prone to an ambiguous-password-attribute weakness.

If an attacker can retrieve a password hash stored in the OpenLDAP database, they may then be able to authenticate directly to the LDAP database with it. The attacker may gain unauthorized access if they can sniff password hashes from the network, or if they can retrieve the contents of the 'userPassword' attribute from a database backup or through weak permissions on the database.

The version of OpenLDAP included with Apple Mac OS X versions 10.3.4 and 10.3.5 is reported affected. Versions of OpenLDAP included in other operating systems may also be affected.


 

Copyright 2010, SecurityFocus