vulnerability

Debian: CVE-2023-1055: 389-ds-base -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:C/I:N/A:N)	Feb 27, 2023	May 15, 2025	Mar 30, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:N)

Published

Feb 27, 2023

Added

May 15, 2025

Modified

Mar 30, 2026

Description

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

Solution

no-fix-debian-deb-package

References

CVE-2023-1055
https://attackerkb.com/topics/CVE-2023-1055
CWE-200
CWE-295
EUVD-EUVD-2023-23346
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-23346

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report