VIR Vulnerability Intelligence Relay

CVE-2017-7551

critical
Published 2017-08-16 · Modified 2026-05-13
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
5.0
VIR risk
9.8

Description

389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://pagure.io/389-ds-base/issue/49336

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2017-7551

OS impact
OSVersionStatusFixed in
debian debiantrixiefixed1.3.6.7-1
debian debianbookwormfixed1.3.6.7-1
debian debianbullseyefixed1.3.6.7-1
debian debiansidfixed1.3.6.7-1

Application impact
VendorProductVersionsFixed
fedora fedoraproject389_directory_server1.3.5.19
fedora fedoraproject389_directory_server1.3.6.7

References

CWEs

CWE-209 CWE-640

Verify integrity in audit chain (admin only). AS-IS.