Unrated severityNVD Advisory· Published Jun 17, 2012· Updated Apr 29, 2026
CVE-2012-2668
CVE-2012-2668
Description
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
Affected products
26cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*range: <=2.4.31
- cpe:2.3:a:openldap:openldap:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- bugs.debian.org/cgi-bin/bugreport.cginvd
- rhn.redhat.com/errata/RHSA-2012-1151.htmlnvd
- seclists.org/fulldisclosure/2019/Dec/26nvd
- security.gentoo.org/glsa/glsa-201406-36.xmlnvd
- www.openldap.org/devel/gitweb.cginvd
- www.openldap.org/its/index.cginvd
- www.openwall.com/lists/oss-security/2012/06/05/4nvd
- www.openwall.com/lists/oss-security/2012/06/06/1nvd
- www.openwall.com/lists/oss-security/2012/06/06/2nvd
- www.securityfocus.com/bid/53823nvd
- www.securitytracker.com/idnvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/76099nvd
- seclists.org/bugtraq/2019/Dec/23nvd
- support.apple.com/kb/HT210788nvd
News mentions
0No linked articles in our index yet.