#VU11126 Improper authentication in 389-ds-base - CVE-2017-15135

Cybersecurity Help s.r.o.

Published: 2018-03-16

Vulnerability identifier: #VU11126

Vulnerability risk: Low

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-15135

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
389-ds-base
Server applications / Directory software, identity management

Vendor: 389 Directory Server Project

Description
The vulnerability allows a remote unauthenticated attacker to bypass authentication on the target system.

The weakness exists due to improper handling of internal hash comparison operations. A remote attacker can bypass the authentication process.

Mitigation
Install update from vendor's website.

Vulnerable software versions

389-ds-base: 1.3.1.0 - 1.3.1.19, 1.4.0 - 1.4.0.3

External links
https://access.redhat.com/errata/RHSA-2018:0414
https://access.redhat.com/errata/RHSA-2018:0515

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for 389-ds

Amazon Linux AMI update for 389-ds-base

Red Hat update for 389-ds-base

Authentication bypass in 389-ds-base