CVE-2017-15135

CVE-2017-15135

Vendor Red Hat, Inc.
Product 389-ds-base
Weakness CWE-287 · Improper authentication
Published January 24, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

Key dates

02Disclosure timeline

January 24, 2018 CVE published
August 5, 2024 Record updated