2019-11-08 14:45:46
redhat
PUBLISHED
A flaw was found in the deref plugin of 389-ds-base where it could use the search permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.