A vulnerability has been found and corrected in libuser: libuser before 0.57 uses a cleartext password value of !! or x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values . Packages for 2009.0 are provided as of the Extended Maintenance Program