FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ldapscripts -- Command Line User Credentials Disclosure

Affected packages
ldapscripts < 1.7.1

Details

VuXML ID 3a81017a-8154-11dc-9283-0016179b2dd5
Discovery 2007-10-09
Entry 2007-10-23

Ganael Laplanche reports:

Up to now, each ldap* command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a `ps` during the call. This is now avoided by using the -y parameter and a password file.

References

CVE Name CVE-2007-5373
URL http://secunia.com/advisories/27111
URL http://sourceforge.net/project/shownotes.php?group_id=156483&release_id=546600