Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9rsx-6k6h-dbfv
Vulnerability ID VCID-9rsx-6k6h-dbfv
Aliases CVE-2005-2069
Summary pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.02839 https://api.first.org/data/v1/epss?cve=CVE-2005-2069
epss 0.02839 https://api.first.org/data/v1/epss?cve=CVE-2005-2069
epss 0.02839 https://api.first.org/data/v1/epss?cve=CVE-2005-2069
epss 0.02839 https://api.first.org/data/v1/epss?cve=CVE-2005-2069
epss 0.02839 https://api.first.org/data/v1/epss?cve=CVE-2005-2069
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2069
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069
1617681 https://bugzilla.redhat.com/show_bug.cgi?id=1617681
316972 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972
316973 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973
RHSA-2005:751 https://access.redhat.com/errata/RHSA-2005:751
RHSA-2005:767 https://access.redhat.com/errata/RHSA-2005:767
USN-152-1 https://usn.ubuntu.com/152-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86465
EPSS Score 0.02839
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:40:30.416797+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0