CVE-2023-1055: LDAP browser tries to decode userPassword instead of userCertificate attribute

A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account on the system where cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.


Bug 2173517 (CVE-2023-1055) - CVE-2023-1055 RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute

Summary: CVE-2023-1055 RHDS: LDAP browser tries to decode userPassword instead of user…

Status: NEW
Alias: CVE-2023-1055
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Red Hat Product Security
Depends On: 2173628 2173629 2173675 2173676
Blocks: 2173182 2173596
Reported: 2023-02-27 07:52 UTC by Borja Tarraso
Modified: 2023-02-27 16:10 UTC
CC List: 2 users

Doc Text: A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to list processes and display hashed passwords. The highest threat is to data confidentiality.


Description Borja Tarraso 2023-02-27 07:52:53 UTC

In RHDS 11 and 12, while browsing entries, the LDAP Browser tries to decode a user certificate on the server, but instead of decoding a userCertificate attribute, it tries to decode the userPassword attribute. This leaks a hashed password in the process list as an argument.

The possible issue is caused by the showCertificate() function that does the decoding here: https://github.com/389ds/389-ds-base/blob/c69f2691bb9c3933c1ff3f81139011fc7d66b0aa/src/cockpit/389-console/src/lib/ldap_editor/lib/utils.jsx#L989-L997

This code is present in all versions of RHDS that ship LDAP Browser (12.0, 12.1 and 11.5, 11.6).
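A host-side check for the exposure described above, as an added example that is not part of the bug report or of 389-ds: it scans process command lines for RFC 2307-style `{SCHEME}value` password hashes and reports them with the hash material redacted. It assumes the leaked value keeps that form on the command line; the scheme list, the sample process table and the `decode-cert` command name are constructed for illustration.

```python
import re
from pathlib import Path

# RFC 2307-style "{SCHEME}value" password storage format. The scheme list is an
# assumption (common LDAP scheme names); extend it to match your deployment.
SCHEMES = r"S?SHA(?:256|384|512)?|S?MD5|CRYPT(?:-[A-Z0-9]+)?|PBKDF2[_-]SHA(?:1|256|512)"
HASH_RE = re.compile(r"\{(" + SCHEMES + r")\}([A-Za-z0-9+/=.$]{16,})", re.IGNORECASE)


def redact(arg):
    """Keep the scheme name, drop the hash material, so reports are safe to store."""
    return HASH_RE.sub(lambda m: "{" + m.group(1).upper() + "}<redacted>", arg)


def scan(processes):
    """processes: iterable of (pid, argv). Return one finding per exposing process."""
    findings = []
    for pid, argv in processes:
        schemes = sorted({m.group(1).upper() for a in argv for m in HASH_RE.finditer(a)})
        if schemes:
            findings.append({"pid": pid, "schemes": schemes,
                             "cmdline": " ".join(redact(a) for a in argv)})
    return findings


def live_processes(proc=Path("/proc")):
    """Yield (pid, argv) for every process whose command line is readable (Linux)."""
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            raw = (entry / "cmdline").read_bytes()
        except OSError:
            continue  # process exited, or access denied
        argv = [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]
        if argv:
            yield int(entry.name), argv


# Constructed sample process table; "decode-cert" is a hypothetical command name.
SAMPLE = [
    (101, ["sshd", "-D"]),
    (202, ["/bin/sh", "-c", "decode-cert '{PBKDF2_SHA256}AAAnEConstructedSampleValue0123456789=='"]),
    (303, ["sh", "-c", "ls ${HOME}/projects/directory-server/build"]),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):  # swap in live_processes() on a real host
        print(finding)
```

Because the value only sits in the process list while the decode command runs, a one-off scan can miss it; running the check periodically on the directory server host, or while the LDAP Browser is in use, gives better coverage.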

Comment 3 Borja Tarraso 2023-02-27 15:42:32 UTC

Created 389-ds-base tracking bugs for this issue:

Affects: fedora-36 [bug 2173675]
Affects: fedora-37 [bug 2173676]


Related news

Red Hat Security Advisory 2023-4655-01

Red Hat Security Advisory 2023-4655-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

RHSA-2023:4655: Red Hat Security Advisory: redhat-ds:11 security, bug fix, and enhancement update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1055: A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to list processes and displ...

Red Hat Security Advisory 2023-3489-01

Red Hat Security Advisory 2023-3489-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

RHSA-2023:3489: Red Hat Security Advisory: redhat-ds:12 security, bug fix, and enhancement update

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1055: A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to list processes and displ...
