The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Link | Resource |
---|---|
http://secunia.com/advisories/45527 | Vendor Advisory |
http://www.novell.com/support/viewContent.do?externalId=7009055 | Vendor Advisory |
http://www.securityfocus.com/bid/49069 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2011-08-09 22:55
Updated : 2015-10-29 15:51
NVD link : CVE-2011-2223
Mitre link : CVE-2011-2223
CVE.ORG link : CVE-2011-2223
JSON object : View
Products Affected
novell
- data_synchronizer
- mobility_pack
CWE
CWE-310
Cryptographic Issues