
CVE-2017-7551

Published: 16/08/2017 Updated: 12/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

389-ds-base versions prior to 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks against locked accounts, because the server returns a different result code depending on whether the password supplied for a locked account is correct.


fedoraproject 389 directory server 1.3.6.7

fedoraproject 389 directory server 1.3.5.19

Vendor Advisories

Debian Bug report logs - #870752 389-ds-base: CVE-2017-7551: Locked account provides different return code if password is correct. Package: src:389-ds-base; Maintainer for src:389-ds-base is Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, ...
Password brute-force possible for locked account due to different return codes: A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory ...
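To make the flaw class concrete, the following is an added Python model, not 389-ds-base code: the handler names, the `Account` class, the PBKDF2 storage and the choice of which LDAP result code signals a locked account are all assumptions. It puts a bind handler that turns a locked account into a password oracle beside one that answers a locked account with a single fixed code, and adds a small audit check a defender can run against any bind implementation to confirm the two answers are identical.

```python
"""Constructed model of an LDAP simple-bind handler, illustrating the class of
flaw described by CVE-2017-7551: if a locked account answers differently
depending on whether the supplied password is correct, the lockout no longer
stops password guessing. This is illustrative code, not 389-ds-base's."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Standard LDAP result codes (RFC 4511). Which code a server uses to report a
# locked account is an implementation choice; constraintViolation is assumed here.
SUCCESS = 0
CONSTRAINT_VIOLATION = 19   # assumed meaning: "account is locked"
INVALID_CREDENTIALS = 49


@dataclass
class Account:
    dn: str
    salt: bytes
    pw_hash: bytes
    locked: bool = False
    failures: int = 0


def make_account(dn: str, password: str, locked: bool = False) -> Account:
    """Create a constructed account with a salted PBKDF2-SHA256 password hash."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return Account(dn, salt, pw_hash, locked)


def password_matches(acct: Account, password: str) -> bool:
    """Constant-time comparison of the candidate password against the stored hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 100_000)
    return hmac.compare_digest(candidate, acct.pw_hash)


def bind_vulnerable(acct: Account, password: str) -> int:
    """Flawed ordering: the password is verified before the lockout state is
    consulted, so a locked account returns invalidCredentials for a wrong
    password but constraintViolation for the right one. The result code alone
    tells the client whether the guess was correct."""
    if not password_matches(acct, password):
        acct.failures += 1
        return INVALID_CREDENTIALS
    if acct.locked:
        return CONSTRAINT_VIOLATION
    return SUCCESS


def bind_hardened(acct: Account, password: str) -> int:
    """Fixed ordering: a locked account gets one fixed code and the password is
    never evaluated, so there is nothing for the client to learn."""
    if acct.locked:
        return CONSTRAINT_VIOLATION
    if not password_matches(acct, password):
        acct.failures += 1
        return INVALID_CREDENTIALS
    return SUCCESS


def leaks_password_oracle(bind, correct_password: str,
                          wrong_password: str = "not-the-password") -> bool:
    """Audit check: a locked account must answer a correct and an incorrect
    password identically. Returns True if the given handler leaks."""
    acct = make_account("uid=alice,ou=people,dc=example,dc=com",
                        correct_password, locked=True)
    return bind(acct, correct_password) != bind(acct, wrong_password)


if __name__ == "__main__":
    for name, handler in (("vulnerable", bind_vulnerable), ("hardened", bind_hardened)):
        print(f"{name}: leaks password oracle = {leaks_password_oracle(handler, 'correct horse')}")
```

The important property is not which code the locked-account path returns but that it is the only code that path can return; whether the server chooses constraintViolation or invalidCredentials for a locked account, the answer must not depend on the password. The `leaks_password_oracle` check is the kind of regression test worth keeping next to any lockout implementation, since the flaw is purely one of evaluation order and is easy to reintroduce.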