CVE-2022-0996

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions 389 Directory Server (affected versions not specified)

Description The issue is related to improper authentication in the 389 Directory Server, allowing expired passwords to access the database. This can be exploited by a remote attacker to gain access to confidential data. The vulnerability is associated with incorrect session expiration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-613

Related Identifiers

ALSA-2022:5823

ALSA-2022:8162

BDU:2023-02636

CESA-2022_5239

CESA-2022_5823

CVE-2022-0996

DLA-3399-1

DLA-4021-1

MGASA-2022-0134

OPENSUSE-SU-2022:1100-1

OPENSUSE-SU-2022_1100-1

OPENSUSE-SU-2024:11952-1

RHSA-2022:5239

RHSA-2022:5620

RHSA-2022:5823

RHSA-2022:8162

RHSA-2022:8976

RHSA-2022_5239

RHSA-2022_5823

RHSA-2022_8162

RLSA-2022:5823

RLSA-2022:8162

SUSE-SU-2022:1100-1

SUSE-SU-2022:1102-1

SUSE-SU-2022:1139-1

SUSE-SU-2022:2163-1

Affected Products

389 Directory Server

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Suse

CVE-2022-0996

Weakness Enumeration

Related Identifiers

Affected Products

References · 81