← back
CVE-2020-35518

CVE-2020-35518

EPSS 1.5%CWE-200
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Affected products
n/a · 389-ds-base

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=1905565https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bchttps://github.com/389ds/389-ds-base/issues/4480