CVE-2020-35518
N/A
N/A
Summary
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | 389-ds-base | 389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19 | affected |
Weaknesses
- CWE-200: CWE-200
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/issues/4480
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/issues/4480
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.