| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9445 | V | pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password. | 2013-04-29 | | oval:org.mitre.oval:def:10370 | V | Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. | 2013-04-29 |
|