CVE-2003-0174

CRITICAL

9.8

Description

The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/12/2003

Last Modified4/16/2026

Sourcenvd

Honeypot Sightings0

Affected Products

sgi:irix

Weaknesses (CWE)

CWE-346

References

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(cve@mitre.org)

http://www.ciac.org/ciac/bulletins/n-084.shtml(cve@mitre.org)

http://www.securityfocus.com/bid/7442(cve@mitre.org)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(cve@mitre.org)

ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P(af854a3a-2127-422b-91ae-364da2661108)

http://www.ciac.org/ciac/bulletins/n-084.shtml(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/7442(af854a3a-2127-422b-91ae-364da2661108)

https://exchange.xforce.ibmcloud.com/vulnerabilities/11860(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.