Red Hat · 389-Ds-Base · CVE-2021-3652
**Name of the Vulnerable Software and Affected Versions**
389-ds-base (affected versions not specified)
**Description**
A flaw was found in the authentication procedure of 389 Directory Server that allows an attacker to successfully authenticate as a user whose password was disabled. It occurs when an asterisk is imported as a password hash, either accidentally or maliciously: any password then matches during authentication. The flaw enables a remote attacker to access and compromise confidential data.
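A pre-import check for the condition described above, as an added example that is not part of the original advisory or of the 389-ds-base project: it scans LDIF text for entries whose password value is a bare asterisk. It assumes the import is LDIF and that the hashes are carried in the standard `userPassword` attribute; the function names and sample entries are constructed for illustration.

```python
import base64

def unfold(ldif_text):
    """Join RFC 2849 folded lines (a continuation starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def attr_value(line):
    """Split an LDIF line into (name, value); 'name:: ...' is base64."""
    name, _, rest = line.partition(":")
    value = rest
    if rest.startswith(":"):
        try:
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        except ValueError:
            value = ""  # undecodable value: cannot be a bare asterisk
    return name.strip().lower(), value.strip()

def find_asterisk_passwords(ldif_text):
    """Return DNs of entries whose userPassword value is a bare '*'."""
    flagged, dn = [], None
    for line in unfold(ldif_text):
        if not line.strip():
            dn = None  # a blank line ends the current entry
            continue
        name, value = attr_value(line)
        if name == "dn":
            dn = value
        elif name == "userpassword" and value == "*":
            flagged.append(dn)
    return flagged

# Constructed sample: one hashed value, one plain '*', one base64 '*' (Kg==).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {SSHA}constructedPlaceholderValue

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: *

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: Kg==
"""
```

Calling `find_asterisk_passwords(SAMPLE_LDIF)` returns the DNs of the two flagged entries, which can then be corrected or excluded before the file is imported.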
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.