Vulnerabilities > CVE-2020-35518 - Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
CWE-203

Summary

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Vulnerable Configurations

Part Description Count
OS
Redhat
232
Application
Redhat
1

Common Weakness Enumeration (CWE)