ALAS-2017-905 ---- 389-ds-baseID: oval:org.secpod.oval:def:1600777 | Date: (C)2017-10-04 (M)2023-12-20 |
Class: PATCH | Family: unix |
Password brute-force possible for locked account due to different return codes:A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy
Platform: |
Amazon Linux AMI |