CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Percentile: 79.9%

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when
using the Mozilla NSS backend, always uses the default cipher suite even
when TLSCipherSuite is set, which might cause OpenLDAP to use weaker
ciphers than intended and make it easier for remote attackers to obtain
sensitive information.

Author | Note |
---|---|
mdeslaur | we build with gnutls, not nss, so not-affected |

www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2c2bb2e
www.openldap.org/its/index.cgi?findid=7285
bugzilla.redhat.com/show_bug.cgi?id=825875
launchpad.net/bugs/cve/CVE-2012-2668
nvd.nist.gov/vuln/detail/CVE-2012-2668
security-tracker.debian.org/tracker/CVE-2012-2668
www.cve.org/CVERecord?id=CVE-2012-2668