CVE-2004-0823 Information
Description
OpenLDAP 1.0 through 2.1.19 as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords which allows remote attackers to re-use hashed passwords without decrypting them.
Reference
http://secunia.com/advisories/12491/ http://secunia.com/advisories/17233 http://secunia.com/advisories/21520 http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm http://www.auscert.org.au/render.html?it=4363 http://www.redhat.com/support/errata/RHSA-2005-751.html http://www.securityfocus.com/advisories/7148 http://www.securityfocus.com/bid/11137 https://exchange.xforce.ibmcloud.com/vulnerabilities/17300 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10703
Share on: