Password is exposed in UI and can be seen through a LAN Trace

  • 7009055
  • 26-Jul-2011
  • 10-Dec-2013

Environment

Novell Data Synchronizer Mobility Pack 1.0
Novell Data Synchronizer Mobility Pack 1.1

Situation

Novell Data Synchronizer Mobility Pack 1.1.2, and earlier, has a vulnerability that could cause LDAP Password of Data Synchronizer Admin to be transmitted in Clear Text over the wire

Resolution

Status

Security Alert

Additional Information

Notes:
Affected versions:
Novell Data Synchronizer 1.0.x (all builds)
Novell Data Synchronizer 1.1.2 build 428 and earlier.
 
CVE-2011-2223