|
PADL Software PAM_LDAP TLS Plaintext Password Vulnerability
PAM_LDAP is affected by a password disclosure vulnerability when used with TLS. This issue arises when a connection to a slave is established using TLS and the client is referred to a master. TLS is not used with this connection, which can allow an attacker to sniff network traffic and obtain user credentials. PAM_LDAP build 166 is known to be vulnerable at the moment. Other versions may be affected as well. |
|
 Privacy Statement |
