LDAP User Profiles Disclosure in IBM AS/400 OS400 5.2
CVE-2005-0899

Currently unrated

Key Information:

Vendor: IBM
Status: Os 400
Vendor: CVE Published:; 2 May 2005

Summary

The IBM AS/400 system running OS400 version 5.2 has a vulnerability that enables LDAP services by default. This configuration allows remote authenticated users to execute LDAP queries that can disclose sensitive user profile information, granting them unauthorized insight into user accounts. Proper configuration and security measures are essential to mitigate this risk and safeguard sensitive data.

References

http://marc.info/?l=bugtraq&m=111186209318029&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Mar 29, 2005