CVE-2020-35518

Description

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Related CPE's

oredhat389_directory_server********
vulnerable
oredhat389_directory_server********
vulnerable
oredhat389_directory_server********
vulnerable
aredhatdirectory_server11.0*******
vulnerable
oredhatenterprise_linux7.0*******
vulnerable
oredhatenterprise_linux8.0*******
vulnerable

References

https://bugzilla.redhat.com/show_bug.cgi?id=1905565

Issue TrackingPatchVendor Advisory

https://github.com/389ds/389-ds-base/issues/4480

PatchThird Party Advisory

https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc

PatchThird Party Advisory

https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32

PatchThird Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

5.3

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

NONE

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:P/I:N/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE