CVE-2008-1447

The DNS protocol, as implemented in 1 BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; 2 Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

Juniper Networks IVE OS LDAP Referrals TLS明文密码漏洞

Juniper IVE OS是一款即时虚拟外网技术，用于安全访问SSL VPN设备。 使用TLS的Juniper IVE OS存在密码泄露问题，远程攻击者可以利用漏洞获得明文密码信息对系统进行进一步攻击。 攻击者可以通过嗅探网络通信获得用户敏感信息。目前没有详细漏洞细节提供。 Juniper Networks IVE OS 6.0 Juniper Networks IVE OS 5.4 目前没有详细解决方案提供： http://www.juniper.net...

security flaw

pamldap and nssldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password...

pam_ldap/nss_ldap password leak in a master+slave+start_tls LDAP setup

pamldap/nssldap fail to re-start TLS when following referred connections. This can result in credentials being sent in clear text when pamldap/nssldap attempt to rebind. This affects any LDAP infrastructure which can generate referrals during NSS or PAM operations generally a master+slave LDAP...