Description
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
Affected products
- Novell / data_synchronizer1.0.0 – 1.0.0
- Novell / data_synchronizer1.1.0 – 1.1.0
- Novell / data_synchronizer1.1.1 – 1.1.1
- Novell / data_synchronizer1.1.2 – 1.1.2
- Novell / mobility_pack1.0 – 1.0
- Novell / mobility_pack1.1 – 1.1
- Novell / mobility_pack1.1.1 – 1.1.1
- Novell / mobility_pack1.1.2 – 1.1.2