libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-06-16 20:41
Updated : 2023-02-12 20:33
NVD link : CVE-2012-2668
Mitre link : CVE-2012-2668
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
openldap
- openldap