CVE-2017-7551

Description

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

Affected products

• 389 Directory Server / 389-ds-basebefore 1.3.5.19 and 1.3.6.7 – before 1.3.5.19 and 1.3.6.7

References

• VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2017:2569
• MISChttps://pagure.io/389-ds-base/issue/49336