CVE-2020-35518 - Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE
Summary
When a client binds against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists. An unauthenticated attacker can use this discrepancy to check whether an entry exists in the LDAP database.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/issues/4480