CVE-2017-7551

CWE-209CWE-6408 documents7 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 38.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
389 Directory Server 389-ds-baseFedoraproject 389 Directory Server
Timeline
PublishedAug 16
Latest updateMay 14

Description

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Debian389-ds-base< 1.3.6.7-1+2
CVEListV5389_directory_server/389-ds-basebefore 1.3.5.19 and 1.3.6.7
NVDfedoraproject/389_directory_server1.3.5.19, 1.3.6.7+1

Patches

Patch: pagure.ioPatch: pagure.io

🔴Vulnerability Details

3
GHSA
GHSA-rr4q-qmwm-h86v: 389-ds-base version before 12022-05-14
OSV
CVE-2017-7551: 389-ds-base version before 12017-08-16
CVEList
CVE-2017-7551: 389-ds-base version before 12017-08-16

📋Vendor Advisories

2
Red Hat
389-ds-base: Password brute-force possible for locked account due to different return codes2017-07-31
Debian
CVE-2017-7551: 389-ds-base - 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute...2017

💬Community

2
Bugzilla
CVE-2017-7551 389-ds-base: Password brute-force possible for locked account due to different return codes [fedora-all]2017-08-02
Bugzilla
CVE-2017-7551 389-ds-base: Password brute-force possible for locked account due to different return codes2017-08-02
CVE-2017-7551 (CRITICAL CVSS 9.8) | 389-ds-base version before 1.3.5.19 | cvebase.io