#VU55334 Improper Authentication in 389-ds-base - CVE-2021-3652


Vulnerability identifier: #VU55334

Vulnerability risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-3652

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
389-ds-base
Server applications / Directory software, identity management

Vendor: 389 Directory Server Project

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the way the asterisk character is processed by the LDAP server when importing password hashes from /etc/shadow for disabled accounts. As a result of the flaw, if an LDAP admin imports such an account from a NIS or /etc/shadow database into Directory Server, any password will be valid for that account.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

389-ds-base: 2.0.1 - 2.0.6

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1982782
https://github.com/389ds/389-ds-base/issues/4817
https://github.com/389ds/389-ds-base/pull/4819

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for 389-ds-base
Amazon Linux AMI update for 389-admin
SUSE update for 389-ds
SUSE update for 389-ds
CentOS 7 update for 389-ds-base
Anolis OS update for 389-ds:1.4 (Anolis OS 8.2) module
Red Hat Enterprise Linux 8 update for the 389-ds:1.4 module
Red Hat Enterprise Linux 7 update for 389-ds-base
Anolis OS update for 389-ds:1.4 (Anolis OS 8.4) module
SUSE update for 389-ds