vulnerability
Red Hat: CVE-2020-35518: CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 26, 2021 | Apr 8, 2021 | Dec 15, 2023 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 26, 2021
Added
Apr 8, 2021
Modified
Dec 15, 2023
Description
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Solution(s)
redhat-upgrade-389-ds-baseredhat-upgrade-389-ds-base-debuginforedhat-upgrade-389-ds-base-debugsourceredhat-upgrade-389-ds-base-develredhat-upgrade-389-ds-base-legacy-toolsredhat-upgrade-389-ds-base-legacy-tools-debuginforedhat-upgrade-389-ds-base-libsredhat-upgrade-389-ds-base-libs-debuginforedhat-upgrade-389-ds-base-snmpredhat-upgrade-389-ds-base-snmp-debuginforedhat-upgrade-python3-lib389

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.