vulnerability
CentOS Linux: CVE-2020-35518: Moderate: 389-ds:1.4 security and bug fix update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 2021-03-26 | 2021-04-08 | 2023-05-25 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
2021-03-26
Added
2021-04-08
Modified
2023-05-25
Description
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Solution(s)
centos-upgrade-389-ds-basecentos-upgrade-389-ds-base-debuginfocentos-upgrade-389-ds-base-debugsourcecentos-upgrade-389-ds-base-develcentos-upgrade-389-ds-base-legacy-toolscentos-upgrade-389-ds-base-legacy-tools-debuginfocentos-upgrade-389-ds-base-libscentos-upgrade-389-ds-base-libs-debuginfocentos-upgrade-389-ds-base-snmpcentos-upgrade-389-ds-base-snmp-debuginfocentos-upgrade-python3-lib389
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.