Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2021-3652  

In 389-ds-base, it was found that if an asterisk is imported as a password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This would allow an attacker to successfully authenticate as a user who's password was supposedly disabled.

Source
Severity Medium

Remote Yes

Type Authentication bypass

Description 

In 389-ds-base, it was found that if an asterisk is imported as a password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This would allow an attacker to successfully authenticate as a user who's password was supposedly disabled.

AVG-2206 389-ds-base 2.0.3-2 Medium Vulnerable 

https://bugzilla.redhat.com/show_bug.cgi?id=1982782
https://github.com/389ds/389-ds-base/issues/4817
https://github.com/389ds/389-ds-base/pull/4819
https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started