Download
| Alert*
oval:org.secpod.oval:def:1601568
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disab ... oval:org.secpod.oval:def:506295 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ... oval:org.secpod.oval:def:1601569 A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disab ... oval:org.secpod.oval:def:506358 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ... oval:org.secpod.oval:def:89046406 This update for 389-ds fixes the following issues: - CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords . - CVE-2022-1949: Fixed full access control bypass with simple crafted query . - CVE-2021-4091: Fixed double free in psearch . oval:org.secpod.oval:def:89046421 This update for 389-ds fixes the following issues: - CVE-2022-1949: Fixed full access control bypass with simple crafted query . - CVE-2022-0918: Fixed denial of service issue via crafted messages . - CVE-2022-0996: Fixed mishandling of password expiry . - CVE-2021-4091: Fixed double free in psearch ... oval:org.secpod.oval:def:4501369 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ... oval:org.secpod.oval:def:1505144 [1.3.10.2-13] - Bump version to 1.3.10.2-13 - Resolves: Bug 2005399 - Internal unindexed searches in syncrepl - Resolves: Bug 2005432 - CVE-2021-3652 389-ds:1.4/389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed - Resolves: Bug 2005434 - ACIs are being evaluated agains ... oval:org.secpod.oval:def:74594 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ... oval:org.secpod.oval:def:1700765 A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disab ... oval:org.secpod.oval:def:1505054 [1.4.3.16-19] - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin [1.4.3.16-18] - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed [1.4. ... oval:org.secpod.oval:def:89049516 This update for 389-ds fixes the following issues: - Update to version 1.4.3.24 - CVE-2021-3652: Fixed crypt handling of locked accounts oval:org.secpod.oval:def:2500358 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. oval:org.secpod.oval:def:205901 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed For more d ... oval:org.secpod.oval:def:89047264 This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts |