Описание
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | 2.0.2 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | released | 1.4.3.6-2ubuntu0.1~esm1 |
| esm-apps/jammy | not-affected | 2.0.2 |
| esm-apps/noble | not-affected | 2.0.2 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
Показывать по
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds ...
5 Medium
CVSS2
5.3 Medium
CVSS3