CVE-2021-3652
MEDIUM 6.5 | EPSS 0.12% | 389-ds-base - security update
Published: 2022/4/18 | Modified: 2026/4/28
Description
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
Affected packages (2)
- Debian/389-ds-base: from 0, < 1.4.4.11-2+deb11u1
- Debian/389-ds-base: from 0, < 1.4.4.11-2+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |