389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
[
{
"product": "389-ds-base",
"vendor": "389 Directory Server",
"versions": [
{
"status": "affected",
"version": "before 1.3.5.19 and 1.3.6.7"
}
]
}
]