3 matches found
CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...
CVE-2026-14969
The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...
PT-2003-1126 · Openldap · Openldap
Name of the Vulnerable Software and Affected Versions: OpenLDAP versions 2.1.12 and earlier Description: The issue allows remote attackers to cause a denial of service, potentially leading to disruption of protected information availability. This is due to the ldbm back exop passwd function in th...