CVE-2023-1656

Published: Mar 29, 2023Modified: Apr 14, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.

Affected (1)

Products: Forgerock: Ldap Connector

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Forgerock Ldap Connector	From 1.5.20.9 to 1.5.20.14

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (4)

https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14

Source: psirt@forgerock.com

Permissions Required

https://backstage.forgerock.com/knowledge/kb/article/a14149722

Source: psirt@forgerock.com

MitigationVendor Advisory

https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://backstage.forgerock.com/knowledge/kb/article/a14149722

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.