ID CVE-2004-0823
Summary OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
References
Vulnerable Configurations
  • cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:1.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*
    cpe:2.3:a:openldap:openldap:2.1_.20:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:07:54.854-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
family unix
id oval:org.mitre.oval:def:10703
status accepted
submitted 2010-07-09T03:56:16-04:00
title OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
version 29
redhat via4
advisories
rhsa
id RHSA-2005:751
rpms
  • nss_ldap-0:207-17
  • nss_ldap-debuginfo-0:207-17
  • openldap-0:2.0.27-20
  • openldap-clients-0:2.0.27-20
  • openldap-debuginfo-0:2.0.27-20
  • openldap-devel-0:2.0.27-20
  • openldap-servers-0:2.0.27-20
refmap via4
apple APPLE-SA-2004-09-07
auscert ESB-2004.0559
bid 11137
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
secunia
  • 12491
  • 17233
  • 21520
xf openldap-crypt-gain-access(17300)
Last major update 11-10-2017 - 01:29
Published 07-09-2004 - 04:00
Last modified 11-10-2017 - 01:29
Back to Top