Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
MITRE description: pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. Red Hat Enterprise Linux 8 is not vulnerable to this issue.
Hello, while doing a review of the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE-2005-2069. The CVE page https://access.redhat.com/security/cve/CVE-2005-2069 does not list RHEL 8. Therefore, it is not clear if the patch mentioned there for RHEL 5 is still present in the RHEL 8 package. Could the CVE page be updated with Red Hat's official statement about this CVE in RHEL 8? Thank you, Jan
(In reply to Jan Pazdziora from comment #3)
> Could the CVE page be updated with Red Hat's official statement about this
> CVE in RHEL 8?

added statement