Vulnerability Description
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenLDAP | OpenLDAP | 1.0 |
| Apple | Mac OS X | 10.2.8 |
| Apple | Mac OS X Server | 10.2.8 |
References
- http://secunia.com/advisories/12491/ (Patch, Vendor Advisory)
- http://secunia.com/advisories/17233
- http://secunia.com/advisories/21520
- http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
- http://www.auscert.org.au/render.html?it=4363 (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-751.html
- http://www.securityfocus.com/advisories/7148 (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/11137 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17300
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-0823?
CVE-2004-0823 is a vulnerability with a CVSS score of 7.5 (HIGH). OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPasswor...
How severe is CVE-2004-0823?
CVE-2004-0823 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0823?
Check the references section above for vendor advisories and patch information. Affected products include: OpenLDAP OpenLDAP, Apple Mac OS X, Apple Mac OS X Server.