Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, do not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 8 is not vulnerable to this issue.
While doing a review of the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE-2005-2069. The CVE page https://access.redhat.com/security/cve/CVE-2005-2069 does not list RHEL 8. Therefore, it is not clear if the patch mentioned there for RHEL 5 is still present in the RHEL 8 package.
Could the CVE page be updated with Red Hat's official statement about this CVE in RHEL 8?
Thank you, Jan
(In reply to Jan Pazdziora from comment #3)
> Could the CVE page be updated with Red Hat's official statement about this
> CVE in RHEL 8?