When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2021-03-26T16:43:08
Updated: 2024-08-04T17:02:08.248Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2020-35518
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-26T17:15:12.280
Modified: 2024-11-21T05:27:28.920
Link: CVE-2020-35518
Redhat