Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2004-0823 | First vendor Publication | 2004-09-07 |
Vendor | Cve | Last vendor Modification | 2017-10-11 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0823 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10703 | |||
Oval ID: | oval:org.mitre.oval:def:10703 | ||
Title: | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. | ||
Description: | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0823 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3 | Product(s): | |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
9784 | OpenLDAP CRYPT Password Cleartext Transmission: OpenLDAP contains a flaw that may allow a malicious user to gain access with knowledge of the CRYPT password. The issue is triggered when the CRYPT password is validated as plaintext. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality and integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-751.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-751.nasl - Type : ACT_GATHER_INFO |
2004-09-08 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040907.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:24 | |
2021-04-22 01:02:33 | |
2020-05-23 00:15:53 | |
2017-10-11 09:23:23 | |
2017-07-11 12:01:30 | |
2016-04-26 12:53:27 | |
2014-02-17 10:28:01 | |
2013-05-11 11:43:06 | |