CVE-2003-0378

{"id": "CVE-2003-0378", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-16T04:00:00.000", "references": [{"url": "http://docs.info.apple.com/article.html?artnum=107579", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/467828", "tags": ["Exploit", "Patch", "Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set."}, {"lang": "es", "value": "El sistema de autentificaci\u00f3n de login de Kerberos sobre Mac OS X, cuando se usua con un servidor LDAPv3 y autentificaci\u00f3n LDAP, puede enviar passwords en texto plano al servidor LDAP si no est\u00e1 fijado el atributo  AuthenticationAuthority"}], "lastModified": "2008-09-05T20:34:10.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9BF43B3-5625-4168-9BFC-A87A1C17FD77", "versionEndIncluding": "10.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}