CVE-2020-35518

Published: Mar 26, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Vendor	Product	Versions
n/a	389-ds-base	affected `389-ds-base 2.0.3, 389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19`

Weaknesses (CWE)

CWE-200

References

https://bugzilla.redhat.com/show_bug.cgi?id=1905565

x_refsource_MISC

https://github.com/389ds/389-ds-base/issues/4480

x_refsource_MISC

https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc

x_refsource_MISC

https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-35518

Description

Affected Products

Weaknesses (CWE)

References