{"id":"CVE-2021-3652","details":"A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.","modified":"2026-04-16T04:32:43.521837564Z","published":"2022-04-18T17:15:15.443Z","related":["SUSE-SU-2021:2801-1","SUSE-SU-2021:2857-1","SUSE-SU-2022:2109-1","SUSE-SU-2022:2163-1","openSUSE-SU-2021:1211-1","openSUSE-SU-2021:2801-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982782"},{"type":"FIX","url":"https://github.com/389ds/389-ds-base/issues/4817"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/389ds/389-ds-base","events":[{"introduced":"0"},{"fixed":"0f443bf33745a2caa8aedffc2661dba50ced0dac"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.7"}]}}],"versions":["389-ds-base-1.2.10.a1","389-ds-base-1.2.10.a2","389-ds-base-1.2.10.a3","389-ds-base-1.2.10.a4","389-ds-base-1.2.10.a5","389-ds-base-1.2.10.a6","389-ds-base-1.2.10.a7","389-ds-base-1.2.10.a8","389-ds-base-1.2.10.rc1","389-ds-base-1.2.11.a1","389-ds-base-1.2.3","389-ds-base-1.2.4","389-ds-base-1.2.5.a1","389-ds-base-1.2.5.rc1","389-ds-base-1.2.5.rc2","389-ds-base-1.2.5.rc3","389-ds-base-1.2.5.rc4","389-ds-base-1.2.6.a1","389-ds-base-1.2.6.a2","389-ds-base-1.2.6.a3","389-ds-base-1.2.6.a4","389-ds-base-1.2.6.rc1","389-ds-base-1.2.6.rc2","389-ds-base-1.2.6.rc3","389-ds-base-1.2.7","389-ds-base-1.2.7.1","389-ds-base-1.2.7.2","389-ds-base-1.2.7.3","389-ds-base-1.2.7.4","389-ds-base-1.2.7.a1","389-ds-base-1.2.7.a2","389-ds-base-1.2.7.a3","389-ds-base-1.2.7.a4","389-ds-base-1.2.7.a5","389-ds-base-1.2.8.a1","389-ds-base-1.2.8.a2","389-ds-base-1.2.9.0","389-ds-base-1.2.9.1","389-ds-base-1.2.9.2","389-ds-base-1.2.9.3","389-ds-base-1.2.9.4","389-ds-base-1.2.9.5","389-ds-base-1.2.9.a1","389-ds-base-1.2.9.a2","389-ds-base-1.3.0.a1","389-ds-base-1.3.0.rc1","389-ds-base-1.3.5.0","389-ds-base-1.3.5.1","389-ds-base-1.3.5.10","389-ds-base-1.3.5.11","389-ds-base-1.3.5.12","389-ds-base-1.3.5.13","389-ds-base-1.3.5.2","389-ds-base-1.3.5.3","389-ds-base-1.3.5.4","389-ds-base-1.3.5.5","389-ds-base-1.3.5.6","389-ds-base-1.3.5.7","389-ds-base-1.3.5.8","389-ds-base-1.3.5.9","389-ds-base-1.3.6.0","389-ds-base-1.3.6.1","389-ds-base-1.3.6.2","389-ds-base-1.3.6.3","389-ds-base-1.3.6.4","389-ds-base-1.3.7.0","389-ds-base-1.3.7.2","389-ds-base-1.3.7.3","389-ds-base-1.3.7.4","389-ds-base-1.4.0.0","389-ds-base-1.4.0.1","389-ds-base-1.4.0.10","389-ds-base-1.4.0.11","389-ds-base-1.4.0.12","389-ds-base-1.4.0.13","389-ds-base-1.4.0.14","389-ds-base-1.4.0.15","389-ds-base-1.4.0.16","389-ds-base-1.4.0.17","389-ds-base-1.4.0.18","389-ds-base-1.4.0.19","389-ds-base-1.4.0.2","389-ds-base-1.4.0.20","389-ds-base-1.4.0.3","389-ds-base-1.4.0.4","389-ds-base-1.4.0.5","389-ds-base-1.4.0.6","389-ds-base-1.4.0.7","389-ds-base-1.4.0.8","389-ds-base-1.4.0.9","389-ds-base-1.4.1.0","389-ds-base-1.4.1.1","389-ds-base-1.4.1.2","389-ds-base-1.4.1.3","389-ds-base-1.4.1.4","389-ds-base-1.4.1.5","389-ds-base-1.4.1.6","389-ds-base-1.4.2.1","389-ds-base-1.4.2.2","389-ds-base-1.4.2.3","389-ds-base-1.4.2.4","389-ds-base-1.4.2.5","389-ds-base-1.4.3.1","389-ds-base-1.4.3.2","389-ds-base-1.4.3.3","389-ds-base-1.4.3.4","389-ds-base-1.4.3.5","389-ds-base-1.4.4.0","389-ds-base-1.4.4.1","389-ds-base-1.4.4.2","389-ds-base-1.4.4.3","389-ds-base-1.4.4.4","389-ds-base-1.4.4.5","389-ds-base-1.4.5.0","389-ds-base-2.0.0","389-ds-base-2.0.0.0","389-ds-base-2.0.1","389-ds-base-2.0.2","389-ds-base-2.0.3","389-ds-base-2.0.4","389-ds-base-2.0.5","Directory_Server_8_1_Candidate_20090324","FedoraDirSvr10","FedoraDirSvr110a1","FedoraDirSvr110a2","FedoraDirSvr110a3","FedoraDirSvr110a3_20070320","FedoraDirSvr110a4","FedoraDirSvr110a4_20070720","FedoraDirSvr110b1","FedoraDirSvr110b1_20070813","FedoraDirSvr110b1_20070816","FedoraDirSvr110b2","FedoraDirSvr110b2_20071107","FedoraDirSvr111","FedoraDirSvr111_20080530","FedoraDirSvr_1_1_2","FedoraDirSvr_1_1_2_20080904","FedoraDirSvr_1_1_2_RC","FedoraDirSvr_1_1_2_RC2","FedoraDirSvr_1_1_2_RC_20080828","FedoraDirSvr_1_1_3_20080923","FedoraDirSvr_20051103_RTC","before-merge-nunc-stans","ldapserver7x"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3652.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}