CVE-2020-35518
Description
When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this difference to check whether an entry exists in the LDAP database.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.801
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| 389-ds-base update (ELSA-2021-1086) 389-ds-base-1.4.3.8-7.module+el8.3.0+20006+53cafd96.x86_64.rpm | Linux |
| 389-ds-base-devel update (ELSA-2021-1086) 389-ds-base-devel-1.4.3.8-7.module+el8.3.0+20006+53cafd96.x86_64.rpm | Linux |
| 389-ds-base-legacy-tools update (ELSA-2021-1086) 389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+20006+53cafd96.x86_64.rpm | Linux |
| 389-ds-base-libs update (ELSA-2021-1086) 389-ds-base-libs-1.4.3.8-7.module+el8.3.0+20006+53cafd96.x86_64.rpm | Linux |
| 389-ds-base-snmp update (ELSA-2021-1086) 389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+20006+53cafd96.x86_64.rpm | Linux |
| Python3-lib389 update (ELSA-2021-1086) python3-lib389-1.4.3.8-7.module+el8.3.0+20006+53cafd96.noarch.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update 389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm | Linux |
| (RHSA-2021:1086) 389-ds:1.4 security and bug fix update python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm | Linux |
| (RHSA-2021:2323) 389-ds-base security and bug fix update 389-ds-base-1.3.10.2-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:2323) 389-ds-base security and bug fix update 389-ds-base-devel-1.3.10.2-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:2323) 389-ds-base security and bug fix update 389-ds-base-libs-1.3.10.2-12.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:2323) 389-ds-base security and bug fix update 389-ds-base-snmp-1.3.10.2-12.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234