Novell eDirectory uses case insensitive passwords
| novell-edirectory-insecure-passwords (9229) |  Low Risk |
Description:
Novell eDirectory supports case insensitive passwords, which could allow a remote attacker to use brute force techniques to gain unauthorized access to the system.
Consequences:
Other
Remedy:
No remedy available as of February 6, 2010.
References:
- BugTraq Mailing List, Thu May 30 2002 - 03:56:30 CDT: Security Implications of Novell eDirectory..
- Novell Web site: NOVELL: Novell eDirectory.
- BID-4893: Novell eDirectory Weak Password Vulnerability
- CVE-2002-2119: Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which makes it easier for remote attackers to conduct brute force password guessing.
Platforms Affected:
- Novell eDirectory 8.6.2
- Novell eDirectory 8.7
Reported:
May 30, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net