Unrated severityNVD Advisory· Published Mar 26, 2021· Updated Aug 4, 2024

CVE-2020-35518

Description

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Affected products

389-ds-base/389-ds-basedescription
osv-coords2 versions
pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.2 pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
< 1.4.3.19~git0.bef0b5bed-lp152.2.12.1+ 1 more
- (no CPE)range: < 1.4.3.19~git0.bef0b5bed-lp152.2.12.1
- (no CPE)range: < 1.4.3.19~git0.bef0b5bed-3.12.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32mitrex_refsource_MISC
github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bcmitrex_refsource_MISC
github.com/389ds/389-ds-base/issues/4480mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000