CVE-2021-3652

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-3652
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3652.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-3652
Related
Published
2022-04-18T17:15:15Z
Modified
2024-12-09T16:47:23.860089Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

References

Affected packages

Debian:11 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.4.11-2
1.4.4.16-1
1.4.4.17-1

2.*

2.0.11-1
2.0.11-2
2.0.14-1
2.0.15-1
2.0.15-1.1
2.3.1-1
2.3.1+dfsg1-1
2.3.4+dfsg1-1
2.3.4+dfsg1-1.1
2.4.4+dfsg1-1
2.4.4+dfsg1-3
2.4.5+dfsg1-1

3.*

3.0.2+dfsg1-1
3.1.1+dfsg1-1
3.1.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / 389-ds-base

Package

Name
389-ds-base
Purl
pkg:deb/debian/389-ds-base?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.4.17-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/389ds/389-ds-base

Affected ranges

Type
GIT
Repo
https://github.com/389ds/389-ds-base
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

389-ds-base-1.*

389-ds-base-1.2.10.a1
389-ds-base-1.2.10.a2
389-ds-base-1.2.10.a3
389-ds-base-1.2.10.a4
389-ds-base-1.2.10.a5
389-ds-base-1.2.10.a6
389-ds-base-1.2.10.a7
389-ds-base-1.2.10.a8
389-ds-base-1.2.10.rc1
389-ds-base-1.2.11.a1
389-ds-base-1.2.3
389-ds-base-1.2.4
389-ds-base-1.2.5.a1
389-ds-base-1.2.5.rc1
389-ds-base-1.2.5.rc2
389-ds-base-1.2.5.rc3
389-ds-base-1.2.5.rc4
389-ds-base-1.2.6.a1
389-ds-base-1.2.6.a2
389-ds-base-1.2.6.a3
389-ds-base-1.2.6.a4
389-ds-base-1.2.6.rc1
389-ds-base-1.2.6.rc2
389-ds-base-1.2.6.rc3
389-ds-base-1.2.7
389-ds-base-1.2.7.1
389-ds-base-1.2.7.2
389-ds-base-1.2.7.3
389-ds-base-1.2.7.4
389-ds-base-1.2.7.a1
389-ds-base-1.2.7.a2
389-ds-base-1.2.7.a3
389-ds-base-1.2.7.a4
389-ds-base-1.2.7.a5
389-ds-base-1.2.8.a1
389-ds-base-1.2.8.a2
389-ds-base-1.2.9.0
389-ds-base-1.2.9.1
389-ds-base-1.2.9.2
389-ds-base-1.2.9.3
389-ds-base-1.2.9.4
389-ds-base-1.2.9.5
389-ds-base-1.2.9.a1
389-ds-base-1.2.9.a2
389-ds-base-1.3.0.a1
389-ds-base-1.3.0.rc1
389-ds-base-1.3.5.0
389-ds-base-1.3.5.1
389-ds-base-1.3.5.10
389-ds-base-1.3.5.11
389-ds-base-1.3.5.12
389-ds-base-1.3.5.13
389-ds-base-1.3.5.2
389-ds-base-1.3.5.3
389-ds-base-1.3.5.4
389-ds-base-1.3.5.5
389-ds-base-1.3.5.6
389-ds-base-1.3.5.7
389-ds-base-1.3.5.8
389-ds-base-1.3.5.9
389-ds-base-1.3.6.0
389-ds-base-1.3.6.1
389-ds-base-1.3.6.2
389-ds-base-1.3.6.3
389-ds-base-1.3.6.4
389-ds-base-1.3.7.0
389-ds-base-1.3.7.2
389-ds-base-1.3.7.3
389-ds-base-1.3.7.4
389-ds-base-1.4.0.0
389-ds-base-1.4.0.1
389-ds-base-1.4.0.10
389-ds-base-1.4.0.11
389-ds-base-1.4.0.12
389-ds-base-1.4.0.13
389-ds-base-1.4.0.14
389-ds-base-1.4.0.15
389-ds-base-1.4.0.16
389-ds-base-1.4.0.17
389-ds-base-1.4.0.18
389-ds-base-1.4.0.19
389-ds-base-1.4.0.2
389-ds-base-1.4.0.20
389-ds-base-1.4.0.3
389-ds-base-1.4.0.4
389-ds-base-1.4.0.5
389-ds-base-1.4.0.6
389-ds-base-1.4.0.7
389-ds-base-1.4.0.8
389-ds-base-1.4.0.9
389-ds-base-1.4.1.0
389-ds-base-1.4.1.1
389-ds-base-1.4.1.2
389-ds-base-1.4.1.3
389-ds-base-1.4.1.4
389-ds-base-1.4.1.5
389-ds-base-1.4.1.6
389-ds-base-1.4.2.1
389-ds-base-1.4.2.2
389-ds-base-1.4.2.3
389-ds-base-1.4.2.4
389-ds-base-1.4.2.5
389-ds-base-1.4.3.1
389-ds-base-1.4.3.2
389-ds-base-1.4.3.3
389-ds-base-1.4.3.4
389-ds-base-1.4.3.5
389-ds-base-1.4.4.0
389-ds-base-1.4.4.1
389-ds-base-1.4.4.2
389-ds-base-1.4.4.3
389-ds-base-1.4.4.4
389-ds-base-1.4.4.5
389-ds-base-1.4.5.0

389-ds-base-2.*

389-ds-base-2.0.0
389-ds-base-2.0.0.0
389-ds-base-2.0.1
389-ds-base-2.0.2
389-ds-base-2.0.3
389-ds-base-2.0.4
389-ds-base-2.0.5

Other

Directory_Server_8_1_Candidate_20090324
FedoraDirSvr10
FedoraDirSvr110a1
FedoraDirSvr110a2
FedoraDirSvr110a3
FedoraDirSvr110a3_20070320
FedoraDirSvr110a4
FedoraDirSvr110a4_20070720
FedoraDirSvr110b1
FedoraDirSvr110b1_20070813
FedoraDirSvr110b1_20070816
FedoraDirSvr110b2
FedoraDirSvr110b2_20071107
FedoraDirSvr111
FedoraDirSvr111_20080530
FedoraDirSvr_1_1_2
FedoraDirSvr_1_1_2_20080904
FedoraDirSvr_1_1_2_RC
FedoraDirSvr_1_1_2_RC2
FedoraDirSvr_1_1_2_RC_20080828
FedoraDirSvr_1_1_3_20080923
FedoraDirSvr_20051103_RTC
before-merge-nunc-stans
ldapserver7x