FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (3a81017a-8154-11dc-9283-0016179b2dd5)
Low Nessus Plugin ID 27550
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionGanael Laplanche reports :
Up to now, each ldap* command was called with the -w parameter, which allows to specify the bind password on the command line.
Unfortunately, this could make the password appear to anybody performing a `ps` during the call. This is now avoided by using the -y parameter and a password file.
SolutionUpdate the affected package.