CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1656 – When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
https://notcve.org/view.php?id=CVE-2023-1656
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13. • https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14 https://backstage.forgerock.com/knowledge/kb/article/a14149722 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0143 – LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password
https://notcve.org/view.php?id=CVE-2022-0143
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS) Cuando el conector LDAP es iniciado con StartTLS configurado, es concedido acceso no autenticado. Este problema afecta a: todas las versiones del conector LDAP anteriores a 1.5.20.9. El conector LDAP es incluido con Identity Management (IDM) y Remote Connector Server (RCS) • https://backstage.forgerock.com/downloads/browse/idm/featured/connectors https://backstage.forgerock.com/knowledge/kb/article/a11380515 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •