← volver
CVE-2020-35518

CVE-2020-35518

EPSS 1.5%CWE-200
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 mar 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Productos afectados
n/a · 389-ds-base

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1905565https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bchttps://github.com/389ds/389-ds-base/issues/4480