CVE-2023-1055

RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.

A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead into sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to list processes and display hashed passwords. The highest threat is to data confidentiality.

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-02-27 CVE Reserved
2023-02-27 CVE Published
2025-03-11 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-295: Improper Certificate Validation

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI	2023-11-07
https://access.redhat.com/security/cve/CVE-2023-1055	2023-08-15
https://bugzilla.redhat.com/show_bug.cgi?id=2173517	2023-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				11.5 Search vendor "Redhat" for product "Directory Server" and version "11.5"		-		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				11.6 Search vendor "Redhat" for product "Directory Server" and version "11.6"		-		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				12.0 Search vendor "Redhat" for product "Directory Server" and version "12.0"		-		Affected
Redhat Search vendor "Redhat"		Directory Server Search vendor "Redhat" for product "Directory Server"				12.1 Search vendor "Redhat" for product "Directory Server" and version "12.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				36 Search vendor "Fedoraproject" for product "Fedora" and version "36"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected