CVE-2022-0996

Summary

CVE	CVE-2022-0996
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-23 20:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Application	Redhat	389 Directory Server	1.4	All	All	All
Operating System	Redhat	389 Directory Server	1.4.0.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
[SECURITY] Fedora 34 Update: 389-ds-base-2.0.15-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
GitHub - ByteHackr/389-ds-base	MISC	github.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
2064769 – (CVE-2022-0996) CVE-2022-0996 389-ds-base: expired password was still allowed to access the database	MISC	bugzilla.redhat.com
[SECURITY] [DLA 3399-1] 389-ds-base security update	MISC	lists.debian.org
[SECURITY] Fedora 35 Update: 389-ds-base-2.0.15-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
[SECURITY] Fedora 34 Update: 389-ds-base-2.0.15-1.fc34 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
[SECURITY] Fedora 35 Update: 389-ds-base-2.0.15-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159917 Oracle Enterprise Linux Security Update for 389-ds-base (ELSA-2022-5239)
160018 Oracle Enterprise Linux Security Update for 389-ds:1.4 (ELSA-2022-5823)
160301 Oracle Enterprise Linux Security Update for 389-ds-base (ELSA-2022-8162)
181751 Debian Security Update for 389-ds-base (DLA 3399-1)
184849 Debian Security Update for 389-ds-base (CVE-2022-0996)
240493 Red Hat Update for 389-ds-base security (RHSA-2022:5239)
240551 Red Hat Update for 389-ds:1.4 (RHSA-2022:5620)
240582 Red Hat Update for 389-ds:1.4 (RHSA-2022:5823)
240906 Red Hat Update for 389-ds-base security (RHSA-2022:8162)
241011 Red Hat Update for 389-ds-base (RHSA-2022:8976)
257183 CentOS Security Update for 389-ds-base (CESA-2022:5239)
282545 Fedora Security Update for 389 (FEDORA-2022-40544b5314)
282546 Fedora Security Update for 389 (FEDORA-2022-2558f14c58)
353990 Amazon Linux Security Advisory for 389-ds-base : ALAS2-2022-1819
377303 Alibaba Cloud Linux Security Update for 389-ds-base (ALINUX2-SA-2022:0029)
377555 Alibaba Cloud Linux Security Update for 389-ds:1.4 (ALINUX3-SA-2022:0156)
671702 EulerOS Security Update for 389-ds-base (EulerOS-SA-2022-1701)
671857 EulerOS Security Update for 389-ds-base (EulerOS-SA-2022-1881)
671887 EulerOS Security Update for 389-ds-base (EulerOS-SA-2022-1921)
751965 SUSE Enterprise Linux Security Update for 389-ds (SUSE-SU-2022:1102-1)
751968 OpenSUSE Security Update for 389-ds (openSUSE-SU-2022:1100-1)
751977 SUSE Enterprise Linux Security Update for 389-ds (SUSE-SU-2022:1139-1)
752257 SUSE Enterprise Linux Security Update for 389-ds (SUSE-SU-2022:2163-1)
753446 SUSE Enterprise Linux Security Update for 389-ds (SUSE-SU-2022:1100-1)
940605 AlmaLinux Security Update for 389-ds:1.4 (ALSA-2022:5823)
940813 AlmaLinux Security Update for 389-ds-base (ALSA-2022:8162)
960294 Rocky Linux Security Update for 389-ds:1.4 (RLSA-2022:5823)
960625 Rocky Linux Security Update for 389-ds-base (RLSA-2022:8162)