A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-02-27T00:00:00

Updated: 2024-08-02T05:32:46.360Z

Reserved: 2023-02-27T00:00:00

Link: CVE-2023-1055

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-27T22:15:09.990

Modified: 2024-11-21T07:38:22.297

Link: CVE-2023-1055

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-27T00:00:00Z

Links: CVE-2023-1055 - Bugzilla