CVE-2020-35518

Summary

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Affected Software

VendorProductVersion RangeStatus
n/a389-ds-base389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References