VDB

GCVE-110-MAGEIA-2017-340

GCVE-110-MAGEIA-2017-340
Advisory Published
Vulnetix · Advisory published September 16, 2017
The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account lock, and can continue to attempt passwords via bruteforce, using the change in return code to ascertain a sucessful password auth (CVE-2017-7551).

Affected Products

VendorProductVersionsPlatforms
Mageia389-ds-base0 (affected), 1.3.4.14-1.3.mga5 (unaffected)
Mageia389-ds-base0 (affected), 1.3.5.17-1.1.mga6 (unaffected)

Browse GCVE Records

72,580 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›