45 matches found
MiracleLinux 8 : 389-ds:1.4 (AXSA:2021-2352:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2352:01 advisory. 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Tenable has extracted the preceding description block directl...
MiracleLinux 7 : 389-ds-base-1.3.10.2-13.el7 (AXSA:2021-2469:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2469:04 advisory. 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Tenable has extracted the preceding description block directl...
Alibaba Cloud Linux 3 : 0059: 389-ds:1.4 (ALINUX3-SA-2021:0059)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0059 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3652: RESERVED This candidate has been...
RHEL 8 : redhat-ds:11 (RHSA-2021:3955)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3955 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...
Rocky Linux 8 : 389-ds:1.4 (RLSA-2021:3079)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3079 advisory. - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any passwor...
Debian dla-3399 : 389-ds - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3399 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected]...
[SECURITY] [DLA 3399-1] 389-ds-base security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky April 24, 2023 https://wiki.debian.org/LTS -...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-2214)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Low: 389-admin
Issue Overview: A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successf ully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos...
Low: 389-ds-base
Issue Overview: A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successf ully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos...
Amazon Linux AMI : 389-ds-base (ALAS-2022-1620)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-9.67. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1620 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then...
Amazon Linux AMI : 389-admin (ALAS-2022-1619)
The version of 389-admin installed on the remote host is prior to 1.1.46-5.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1619 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then inste...
SUSE-SU-2022:2109-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords bsc1188455. - CVE-2022-1949: Fixed full access control bypass with simple crafted query bsc1199889. - CVE-2021-4091: Fixed double free in psearch bsc1195324...
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
CVE-2021-3652
CVE-2021-3652 affects the 389-ds-base LDAP server. Importing asterisk password hashes can cause any password to succeed on authentication, enabling access to accounts with disabled passwords. Public notices show affected products across distributions (Debian 1.4.4.11-2+deb11u1; Amazon Linux 2/ALA...
CVE-2021-3652
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-1156)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2021-2928)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : 389-ds-base (ALAS-2021-1723)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1723 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then...