Lucene search
K

45 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : 389-ds:1.4 (AXSA:2021-2352:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2352:01 advisory. 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Tenable has extracted the preceding description block directl...

6.5CVSS5.6AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 7 : 389-ds-base-1.3.10.2-13.el7 (AXSA:2021-2469:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2469:04 advisory. 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Tenable has extracted the preceding description block directl...

6.5CVSS5.6AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.13 views

Alibaba Cloud Linux 3 : 0059: 389-ds:1.4 (ALINUX3-SA-2021:0059)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0059 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3652: RESERVED This candidate has been...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.26 views

RHEL 8 : redhat-ds:11 (RHSA-2021:3955)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3955 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol...

6.5CVSS7AI score0.01428EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 8 : 389-ds:1.4 (RLSA-2021:3079)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3079 advisory. - A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any passwor...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/04/25 12:0 a.m.26 views

Debian dla-3399 : 389-ds - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3399 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected]...

7.5CVSS6.4AI score0.08426EPSS
Exploits4References20
Debian
Debian
added 2023/04/24 5:25 a.m.39 views

[SECURITY] [DLA 3399-1] 389-ds-base security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3399-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky April 24, 2023 https://wiki.debian.org/LTS -...

7.5CVSS7.8AI score0.08426EPSS
Exploits4
OpenVAS
OpenVAS
added 2022/08/18 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-2214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/08/05 12:0 a.m.51 views

Amazon Linux AMI : 389-ds-base (ALAS-2022-1620)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-9.67. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1620 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/08/05 12:0 a.m.52 views

Amazon Linux AMI : 389-admin (ALAS-2022-1619)

The version of 389-admin installed on the remote host is prior to 1.1.46-5.14. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1619 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then inste...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References3
Amazon
Amazon
added 2022/08/05 12:0 a.m.37 views

Low: 389-admin

Issue Overview: A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successf ully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos...

6.5CVSS7AI score0.01428EPSS
Exploits0
Amazon
Amazon
added 2022/08/05 12:0 a.m.36 views

Low: 389-ds-base

Issue Overview: A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successf ully match during authentication. This flaw allows an attacker to successfully authenticate as a user whos...

6.5CVSS7AI score0.01428EPSS
Exploits0
OSV
OSV
added 2022/06/16 1:26 p.m.6 views

SUSE-SU-2022:2109-1 Security update for 389-ds

This update for 389-ds fixes the following issues: - CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords bsc1188455. - CVE-2022-1949: Fixed full access control bypass with simple crafted query bsc1199889. - CVE-2021-4091: Fixed double free in psearch bsc1195324...

7.5CVSS7AI score0.02014EPSS
Exploits0References7
OSV
OSV
added 2022/04/18 5:15 p.m.30 views

CVE-2021-3652

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

6.5CVSS6.5AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/04/18 5:15 p.m.53 views

CVE-2021-3652

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References4
CVE
CVE
added 2022/04/18 12:0 a.m.145 views

CVE-2021-3652

CVE-2021-3652 affects the 389-ds-base LDAP server. Importing asterisk password hashes can cause any password to succeed on authentication, enabling access to accounts with disabled passwords. Public notices show affected products across distributions (Debian 1.4.4.11-2+deb11u1; Amazon Linux 2/ALA...

6.5CVSS6.3AI score0.01428EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2022/04/18 12:0 a.m.28 views

CVE-2021-3652

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...

6.5CVSS6.7AI score0.01428EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/02/24 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2022-1156)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/01/02 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for 389-ds-base (EulerOS-SA-2021-2928)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/12/10 12:0 a.m.48 views

Amazon Linux 2 : 389-ds-base (ALAS-2021-1723)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1723 advisory. A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then...

6.5CVSS6.7AI score0.01428EPSS
Exploits0References3
Rows per page
Query Builder