OpenLDAP TLS Plaintext Password Vulnerability

OpenLDAP is affected by a password-disclosure vulnerability when used with TLS.

This issue arises when a connection to a slave is established using TLS and the client is referred to a master. TLS is not used with this connection, which can allow an attacker to sniff network traffic and obtain user credentials.

OpenLDAP 2.1.25 is known to be vulnerable at the moment. Other versions may be affected as well.


Privacy Statement
Copyright 2010, SecurityFocus