Vulnerability CVE-2017-7551
Published: 2017-08-16   Modified: 2017-08-17

Description:
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

Type:

CWE-640

 (Weak Password Recovery Mechanism for Forgotten Password)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Fedoraproject -> 389 directory server 

 References:
https://access.redhat.com/errata/RHSA-2017:2569
https://pagure.io/389-ds-base/issue/49336
Copyright 2024, cxsecurity.com

 

Back to Top