vulnerability
Red Hat: CVE-2020-35518: CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 26, 2021 | Apr 8, 2021 | Feb 19, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 26, 2021
Added
Apr 8, 2021
Modified
Feb 19, 2026
Description
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Solutions
redhat-upgrade-389-ds-baseredhat-upgrade-389-ds-base-debuginforedhat-upgrade-389-ds-base-debugsourceredhat-upgrade-389-ds-base-develredhat-upgrade-389-ds-base-legacy-toolsredhat-upgrade-389-ds-base-legacy-tools-debuginforedhat-upgrade-389-ds-base-libsredhat-upgrade-389-ds-base-libs-debuginforedhat-upgrade-389-ds-base-snmpredhat-upgrade-389-ds-base-snmp-debuginforedhat-upgrade-python3-lib389
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.