Fluid Attacks Database

Description

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	389-ds-base	>=0 <1.3.7.9-1	1.3.7.9-1
debian 13	389-ds-base	>=0 <1.3.7.9-1	1.3.7.9-1
debian 12	389-ds-base	>=0 <1.3.7.9-1	1.3.7.9-1
rpm rhel6	389-ds-base	<0:1.2.11.15-94.el6_9	0:1.2.11.15-94.el6_9
rpm rhel7	389-ds-base	<0:1.3.6.1-28.el7_4	0:1.3.6.1-28.el7_4

Aliases

1. CVE-2017-151352. NVD-2017-151353. OSV-DEBIAN-2017-151354. OSV-2017-151355. SECURITY-TRACKER-CVE-2017-15135

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.