Port389: >> 389-Ds-Base >> 1.2.4 Security Vulnerabilities
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-04-18
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-18