I'm not sure if this is truly a vulnerability, but I thought I'd put it out there for discussion.
openldap 2.4.6 bdb backend ppolicy overlay
I have set up so a default ppolicy such that 3 old passwords are stored in a users pwdHistory attribute.
When I back up the bdb database via slapcat -l backup.ldif the userPassword field looks to be Base64 hashed.
userPassword:: e1NTSEF9VWFTNDNVDRWEx1QzEyWjASGVWc0VZHRNTmt4M1c=
but the passwd history leaves the passwd hashes visible.
pwdHistory: 20071203220105Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}wAuvjfMkMyKKHcMV1Tg7qiG0x4
Obviously these backup LDIF files are keep as secure as possible, and these are OLD passwds, but should the pwdHistory attribute also be hashed when being slapcated?
Scott