CVE-2017-9277

existing connection is being used even though eDirectory LDAP server is upgraded to EBA

CVSS 4.2 MEDIUMEPSS 1.4%

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Novell · eDirectory

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.suse.com/show_bug.cgi?id=1005473 https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html https://www.novell.com/support/kb/doc.php?id=7016794