CVE-2020-35518

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions 389-ds-base (affected versions not specified)

Description The issue allows an unauthenticated attacker to check the existence of an entry in the LDAP database by exploiting the different replies from 389-ds-base when binding against a DN during authentication. This can lead to the disclosure of information and potentially allow a remote attacker to access confidential data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-203

Related Identifiers

BDU:2023-02645

CESA-2021_1086

CESA-2021_2323

CVE-2020-35518

OESA-2022-1602

OESA-2022-2056

OPENSUSE-SU-2021:0418-1

OPENSUSE-SU-2021_0418-1

RHSA-2021:0599

RHSA-2021:1086

RHSA-2021:1243

RHSA-2021:1258

RHSA-2021:2323

RHSA-2021_1086

RHSA-2021_2323

SUSE-SU-2021:0724-1

SUSE-SU-2021_0724-1

USN-5231-1

Affected Products

389-Ds-Base

Astra Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

CVE-2020-35518

Weakness Enumeration

Related Identifiers

Affected Products

References · 33