CVE-2017-15135

Summary

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.389-ds-basesince 1.3.6.1 up to and including 1.4.0.3affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References