CVE-2017-15135
published 2018-01-24
High 8.1 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | 389-ds-base | < 389-ds-base 1.3.7.9-1 (bookworm) | 389-ds-base 1.3.7.9-1 (bookworm) |
| fedoraproject | 389_directory_server | 1.3.6.1 – 1.4.0.3 | — |
| port389 | 389-ds-base | >= 0 < 1.3.7.9-1 | 1.3.7.9-1 |
| port389 | 389-ds-base | >= 0 < 1.3.7.9-1 | 1.3.7.9-1 |
| port389 | 389-ds-base | >= 0 < 1.3.7.9-1 | 1.3.7.9-1 |
| red_hat_inc | 389-ds-base | — | — |
CVSS provenance
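| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.1 | HIGH | — |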