389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2017:2569 | |
https://pagure.io/389-ds-base/issue/49336 | Exploit Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Feb 2023, 23:31
Type | Values Removed | Values Added |
---|---|---|
Summary | 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | |
CWE | CWE-209 | |
References |
|
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy. |
Information
Published : 2017-08-16 18:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-7551
Mitre link : CVE-2017-7551
CVE.ORG link : CVE-2017-7551
JSON object : View
Products Affected
fedoraproject
- 389_directory_server