CVE-2004-0823 — Apple MAC OS X vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 33.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server Openldap

Timeline

PublishedSep 7

Latest updateApr 29

Description

OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDapple/mac_os_x10.2.8, 10.3.4, 10.3.5+2

▶NVDopenldap/openldap64 versions+63

▶NVDapple/mac_os_x_server10.2.8, 10.3.4, 10.3.5+2

Patches

Patch: secunia.com ↗Patch: www.auscert.org.au ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rr4-25h7-4mj3: OpenLDAP 1↗2022-04-29

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-07

▶

💬Community

Bugzilla

CVE-2004-0823 security flaw↗2018-08-16

▶