FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ldapscripts -- Command Line User Credentials Disclosure

Affected packages
ldapscripts < 1.7.1


VuXML ID 3a81017a-8154-11dc-9283-0016179b2dd5
Discovery 2007-10-09
Entry 2007-10-23

Ganael Laplanche reports:

Up to now, each ldap* command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a `ps` during the call. This is now avoided by using the -y parameter and a password file.


CVE Name CVE-2007-5373