QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3652

Published: Apr 18, 2022

Modified: Nov 3, 2025

PUBLISHED

Description

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

Vendor	Product	Versions
n/a	389-ds-base	affected `389-ds-base 2.0.7`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1982782

https://github.com/389ds/389-ds-base/issues/4817

[debian-lts-announce] 20230424 [SECURITY] [DLA 3399-1] 389-ds-base security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.