CVE-2017-15135

8.1HIGH

Key Information:

Vendor: Red Hat
Status: 389-ds-base
Vendor: CVE Published:; 24 January 2018

Summary

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Affected Version(s)

389-ds-base since 1.3.6.1 up to and including 1.4.0.3

References

http://www.securityfocus.com/bid/102811

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=1525628

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:0414

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 24, 2018
Vulnerability Reserved
Oct 8, 2017

.