When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
https://bugzilla.redhat.com/show_bug.cgi?id=1905565 https://github.com/389ds/389-ds-base/issues/4480 https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3