Brute-force attack in 389-ds-base - CVE-2017-7551
Published: September 6, 2017
Vulnerability identifier: #VU8118
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7551
CWE-ID: CWE-307
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: 389 Directory Server Project
Affected software:
389-ds-base
Detailed vulnerability description
The vulnerability allows remote users to perform a brute-force attack on the target system.
The vulnerability exists because the server returns different return codes for password attempts. A remote attacker can perform password brute-force attacks during account lockout and obtain a valid user's credentials.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
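The following toy model is an added example, not 389-ds-base code: it contrasts a bind routine whose result code during lockout depends on the password with one that answers uniformly, plus a regression check for the difference. The order of checks, the result codes chosen, the lockout threshold and all names are assumptions made for illustration.

```python
# Toy model, constructed for illustration; not taken from 389-ds-base.
from dataclasses import dataclass

# Standard LDAP result codes. Which codes the affected server actually
# returned is an assumption; the advisory only says they differed.
SUCCESS = 0
CONSTRAINT_VIOLATION = 19   # used here to signal "account locked"
INVALID_CREDENTIALS = 49

MAX_FAILURES = 3            # hypothetical lockout threshold


@dataclass
class Account:
    password: str
    failures: int = 0

    @property
    def locked(self) -> bool:
        return self.failures >= MAX_FAILURES


def bind_leaky(acct: Account, attempt: str) -> int:
    """Compares the password first, so a locked account answers
    differently for a correct and an incorrect password."""
    if attempt != acct.password:
        acct.failures += 1
        return INVALID_CREDENTIALS
    if acct.locked:
        return CONSTRAINT_VIOLATION
    acct.failures = 0
    return SUCCESS


def bind_uniform(acct: Account, attempt: str) -> int:
    """Checks lockout before looking at the password, so the answer
    during lockout carries no information about the password."""
    if acct.locked:
        return CONSTRAINT_VIOLATION
    if attempt != acct.password:
        acct.failures += 1
        return INVALID_CREDENTIALS
    acct.failures = 0
    return SUCCESS


def lockout_leaks(bind) -> bool:
    """True if a locked account's result code depends on the password."""
    right = bind(Account("s3cret", failures=MAX_FAILURES), "s3cret")
    wrong = bind(Account("s3cret", failures=MAX_FAILURES), "guess")
    return right != wrong
```

A check like lockout_leaks can be kept as a regression test against any authentication path that enforces lockout.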
How to mitigate CVE-2017-7551
Update to version 1.3.5.19 or 1.3.6.7.