Описание
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | 389-ds-base | Out of support scope | ||
| Red Hat Enterprise Linux 9 | 389-ds-base | Not affected | ||
| Red Hat Directory Server 11.1 for RHEL 8 | redhat-ds | Fixed | RHSA-2021:0599 | 16.02.2021 |
| Red Hat Directory Server 11.2 for RHEL 8 | redhat-ds | Fixed | RHSA-2021:1243 | 19.04.2021 |
| Red Hat Enterprise Linux 7 | 389-ds-base | Fixed | RHSA-2021:2323 | 08.06.2021 |
| Red Hat Enterprise Linux 8 | 389-ds | Fixed | RHSA-2021:1086 | 06.04.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | 389-ds | Fixed | RHSA-2021:1258 | 19.04.2021 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds ...
5.3 Medium
CVSS3