Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-3652

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

  • Published: Apr 18, 2022
  • Updated: May 9, 2024
  • CVE: CVE-2021-3652
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
port389 / 389-ds-base - 2.0.7