Vulnerabilities > CVE-2021-3652 - Unspecified vulnerability in Port389 389-Ds-Base

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

port389

NVD

Published: 2022-04-18

Updated: 2023-04-24

Summary

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

Vulnerable Configurations

Part	Description	Count
Application	Port389 Port389 389 DS Base - Port389 389 DS Base 1.2.1 Port389 389 DS Base 1.2.2 Port389 389 DS Base 1.2.3 Port389 389 DS Base 1.2.4 Port389 389 DS Base 1.2.5 Port389 389 DS Base 1.2.6 Port389 389 DS Base 1.2.6.1 Port389 389 DS Base 1.2.7 Port389 389 DS Base 1.2.7.1 Port389 389 DS Base 1.2.7.2 Port389 389 DS Base 1.2.7.3 Port389 389 DS Base 1.2.7.4 Port389 389 DS Base 1.2.7.5 Port389 389 DS Base 1.2.8.0 Port389 389 DS Base 1.2.8.1 Port389 389 DS Base 1.2.8.2 Port389 389 DS Base 1.2.8.3 Port389 389 DS Base 1.2.9.0 Port389 389 DS Base 1.2.9.1 Port389 389 DS Base 1.2.9.2 Port389 389 DS Base 1.2.9.3 Port389 389 DS Base 1.2.9.4 Port389 389 DS Base 1.2.9.5 Port389 389 DS Base 1.2.9.6 Port389 389 DS Base 1.2.9.8 Port389 389 DS Base 1.2.9.9 Port389 389 DS Base 1.2.9.10 Port389 389 DS Base 1.2.10.0	29

Summary

Vulnerable Configurations

References