vulnerability

Red Hat: CVE-2020-35518: CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN (Multiple Advisories)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 26, 2021
Added
Apr 8, 2021
Modified
Dec 15, 2023

Description

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Solution(s)

redhat-upgrade-389-ds-baseredhat-upgrade-389-ds-base-debuginforedhat-upgrade-389-ds-base-debugsourceredhat-upgrade-389-ds-base-develredhat-upgrade-389-ds-base-legacy-toolsredhat-upgrade-389-ds-base-legacy-tools-debuginforedhat-upgrade-389-ds-base-libsredhat-upgrade-389-ds-base-libs-debuginforedhat-upgrade-389-ds-base-snmpredhat-upgrade-389-ds-base-snmp-debuginforedhat-upgrade-python3-lib389
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.