A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated malicious user to view private attributes, such as password hashes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject 389 directory server - |
||
redhat enterprise linux 7.0 |
||
debian debian linux 8.0 |