Fedora Account System
Red Hat Associate
Red Hat Customer
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
MITRE description: pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 8 is not vulnerable to this issue.
Hello, while doing review of the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE-2005-2069. The CVE page https://access.redhat.com/security/cve/CVE-2005-2069 does not list RHEL 8. Therefore, it is not clear if the patch mentioned there for RHEL 5 is still present in the RHEL 8 package. Could the CVE page be updated with Red Hat's official statement about this CVE in RHEL 8? Thank you, Jan
(In reply to Jan Pazdziora from comment #3) > Could the CVE page be updated with Red Hat's official statement about this > CVE in RHEL 8? added statement