CVE-2009-1073

2009-03-31T18:24:00
ID CVE-2009-1073
Type cve
Reporter cve@mitre.org
Modified 2009-04-08T05:36:00

Description

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.