RHEL 6 : 389-ds-base (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - 389-ds-base: Password brute-force possible for locked account due to different return codes CVE-2017-7551...

389 security update

CentOS Errata and Security Advisory CESA-2021:3807 An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

Scientific Linux Security Update : 389-ds-base on SL7.x x86_64 (2021:3807)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2021:3807-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but has...

RHEL 7 : 389-ds-base (RHSA-2021:3807)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3807 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server an...

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

openSUSE 15 Security Update : 389-ds (openSUSE-SU-2021:1211-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1211-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but...

389-ds:1.4 security and bug fix update

1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...

Oracle Linux 8 : 389-ds:1.4 (ELSA-2021-3079)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3079 advisory. 1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync- plugin...

389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

Low: Red Hat Security Advisory: 389-ds:1.4 security and bug fix update

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Low: 389-ds:1.4 security and bug fix update

389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succee...