Main Vulnerability Database SB2017073111

SB2017073111 - Brute-force attack in Fedora 389-ds-base

Published: July 31, 2017 Updated: September 6, 2017

Security Bulletin ID SB2017073111

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Brute-force attack (CVE-ID: CVE-2017-7551)

The vulnerability allows remote users to perform brute-force attack on the target system.

The vulnerability exists due to different return codes returned on password attempts. A remote attacker can perform password brute-force attacks during account lockout and obtain valid user's credentials.

Successful exploitation of this vulnerability may result in unauthorized access to the system.

Remediation

Install update from vendor's website.

References

https://pagure.io/389-ds-base/issue/49336