When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-26T16:43:08

Updated: 2024-08-04T17:02:08.248Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35518

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-26T17:15:12.280

Modified: 2024-11-21T05:27:28.920

Link: CVE-2020-35518

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-12-07T00:00:00Z

Links: CVE-2020-35518 - Bugzilla