PT-2021-7759 · Red Hat+5 · 389-Ds-Base+6

Rwinter77 · Published 2021-06-29 · Updated 2025-01-20 · CVE-2021-3652

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

389-ds-base (affected versions not specified)

Description

A flaw was found in the authentication procedure of 389 Directory Server that allows an attacker to successfully authenticate as a user whose password was disabled. This occurs when an asterisk is imported as a password hash, either accidentally or maliciously, causing any password to successfully match during authentication. The flaw enables a remote attacker to access and compromise confidential data.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
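
A defensive check for the condition described above, as an added example that is not part of the original advisory or of 389 Directory Server: it scans an LDIF import file for entries whose `userPassword` value is a lone asterisk, plain or base64-encoded. The LDIF sample is constructed, and treating a `{SCHEME}`-prefixed asterisk as suspect is an assumption about how such values appear in an import file.

```python
import base64
import re

# Constructed sample import file (not taken from the advisory).
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "userPassword: {SSHA512}Y29uc3RydWN0ZWQ=\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "userPassword: *\n"
    "\n"
    "dn: uid=carol,ou=people,\n"
    " dc=example,dc=com\n"
    "userPassword:: " + base64.b64encode(b"{CRYPT}*").decode() + "\n"
)

# Assumption: a suspect value is "*" alone or "*" after a {SCHEME} prefix.
SUSPECT = re.compile(r"(\{[^}]*\})?\*")

def unfold(text):
    """Join LDIF continuation lines (RFC 2849: a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_asterisk_passwords(ldif_text):
    """Return the DNs of entries whose userPassword is a lone asterisk."""
    flagged, dn = [], None
    for line in unfold(ldif_text):
        if not line or line.startswith("#"):
            dn = dn if line else None  # a blank line ends the current entry
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>" form
            try:
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            except ValueError:
                value = ""
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword" and SUSPECT.fullmatch(value):
            if dn not in flagged:
                flagged.append(dn)
    return flagged
```

Running `find_asterisk_passwords` over an export or a pending import gives the list of entries to review before they reach the directory.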

Weakness Enumeration

Improper Authentication

Related Identifiers

ALT-PU-2022-2754
ALT-PU-2022-2971
BDU:2023-02651
CESA-2021_3079
CESA-2021_3807
CVE-2021-3652
DLA-3399-1
DLA-4021-1
MGASA-2021-0440
OPENSUSE-SU-2021:1211-1
OPENSUSE-SU-2021:2801-1
OPENSUSE-SU-2021_1211-1
OPENSUSE-SU-2021_2801-1
RHSA-2021:3079
RHSA-2021:3807
RHSA-2021:3906
RHSA-2021:3955
RHSA-2021_3079
RHSA-2021_3807
RLSA-2021:3079
ROSA-SA-2023-2237
SUSE-SU-2021:2801-1
SUSE-SU-2021:2857-1
SUSE-SU-2021_2801-1
SUSE-SU-2021_2857-1
SUSE-SU-2022:2109-1
SUSE-SU-2022:2163-1
SUSE-SU-2022_2109-1

Affected Products

389-ds-base
ALT Linux
Astra Linux
CentOS
Red Hat
Rocky Linux
SUSE