vulnerability
CentOS Linux: CVE-2020-35518: Moderate: 389-ds:1.4 security and bug fix update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | 03/26/2021 | 04/08/2021 | 05/25/2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
03/26/2021
Added
04/08/2021
Modified
05/25/2023
Description
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Solution(s)
centos-upgrade-389-ds-basecentos-upgrade-389-ds-base-debuginfocentos-upgrade-389-ds-base-debugsourcecentos-upgrade-389-ds-base-develcentos-upgrade-389-ds-base-legacy-toolscentos-upgrade-389-ds-base-legacy-tools-debuginfocentos-upgrade-389-ds-base-libscentos-upgrade-389-ds-base-libs-debuginfocentos-upgrade-389-ds-base-snmpcentos-upgrade-389-ds-base-snmp-debuginfocentos-upgrade-python3-lib389
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.