CVE-2021-3652

Severity Medium
Remote Yes
Type Authentication bypass
In 389-ds-base before version 2.0.7, it was found that if an asterisk is imported as a password hash, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This would allow an attacker to successfully authenticate as a user whose password was supposedly disabled.
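A pre-import audit for the condition described above, as an added example that is not part of the advisory or of 389-ds-base: it scans LDIF text for `userPassword` values that are a bare asterisk, including base64-encoded (`::`) values. The sample entries are constructed, and treating an asterisk behind a `{SCHEME}` prefix as equally suspect is an assumption.

```python
import base64
import re

# Constructed sample LDIF for illustration; entries and hashes are not from the advisory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {PBKDF2_SHA256}AAAAconstructedhash

dn: uid=bob,ou=people,dc=example,dc=com
userPassword: *

dn: uid=carol,ou=people,dc=example,dc=com
userPassword:: Kg==

dn: uid=dave,ou=people,dc=example,dc=com
userPassword: {CRYPT}*
"""
LINE_RE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?)[ ]*(.*)$")
SCHEME_RE = re.compile(rb"^\{[^}]+\}")

def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def is_asterisk_hash(value):
    """True if the stored value is a bare '*', with or without a {SCHEME} prefix (assumption)."""
    return SCHEME_RE.sub(b"", value.strip(), count=1).strip() == b"*"

def find_asterisk_passwords(ldif_text):
    """Return the DNs of entries whose userPassword is an asterisk placeholder."""
    flagged, dn = [], None
    for line in unfold(ldif_text):
        m = LINE_RE.match(line)
        if not m:  # a blank line ends the entry; comment lines are skipped
            dn = None if line == "" else dn
            continue
        name, sep, val = m.groups()
        data = base64.b64decode(val) if sep == "::" else val.encode()
        attr = name.split(";")[0].lower()
        if attr == "dn":
            dn = data.decode("utf-8", "replace")
        elif attr == "userpassword" and is_asterisk_hash(data) and dn not in flagged:
            flagged.append(dn)
    return flagged
```

Any DN returned by `find_asterisk_passwords` should be reviewed before the file is imported into a server older than the fixed version.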
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2206 | 389-ds-base | 2.0.3-2 | 2.0.7-1 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 27 Jul 2021 | ASA-202107-72 | AVG-2206 | 389-ds-base | Medium | multiple issues |