Fedoraproject: >> 389 Directory Server >> 1.3.6.7 Security Vulnerabilities
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
CVSS Score
8.1
EPSS Score
0.021
Published
2018-01-24
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-08-16
Page 2