Vulnerability Description
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | 389 Directory Server | < 1.4.3.19 |
| Redhat | Directory Server | 11.0 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565Issue TrackingPatchVendor Advisory
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22cPatchThird Party Advisory
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae9PatchThird Party Advisory
- https://github.com/389ds/389-ds-base/issues/4480PatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565Issue TrackingPatchVendor Advisory
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22cPatchThird Party Advisory
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae9PatchThird Party Advisory
- https://github.com/389ds/389-ds-base/issues/4480PatchThird Party Advisory
FAQ
What is CVE-2020-35518?
CVE-2020-35518 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an...
How severe is CVE-2020-35518?
CVE-2020-35518 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35518?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat 389 Directory Server, Redhat Directory Server, Redhat Enterprise Linux.