OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
http://secunia.com/advisories/12491/
http://secunia.com/advisories/17233
http://secunia.com/advisories/21520
http://support.avaya.com/elmodocs2/security/ASA-2006-157.htm
http://www.auscert.org.au/render.html?it=4363
http://www.redhat.com/support/errata/RHSA-2005-751.html
http://www.securityfocus.com/advisories/7148
http://www.securityfocus.com/bid/11137
https://exchange.xforce.ibmcloud.com/vulnerabilities/17300
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10703
Source: MITRE
Published: 2004-09-07
Updated: 2017-10-11
Type: NVD-CWE-Other
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH