Description
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Report
This vulnerability is rated Important when used in an IdM/IPA environment, where an ACI installed by default allows an authenticated attacker to use this flaw to retrieve the userPassword attribute of any user.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | 389-ds-base | Out of support scope | | |
| Red Hat Enterprise Linux 7 | 389-ds-base | Fixed | RHSA-2019:3981 | 26.11.2019 |
| Red Hat Enterprise Linux 8 | 389-ds | Fixed | RHSA-2019:3401 | 05.11.2019 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | 389-ds | Fixed | RHSA-2020:0464 | 10.02.2020 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
ELSA-2019-3981: 389-ds-base security and bug fix update (IMPORTANT)