CVE-2026-14969
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
4.4 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Description
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-329
Source
NVD
Vendor
Red Hat
Product
Red Hat Directory Server 11, Red Hat Directory Server 12, Red Hat Directory Server 13, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Discussion (0)
Add Comment
No comments yet. Be the first!