Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-15041

LOW NVD
CVSS Score 3.7
Severity LOW
Published Jul 08, 2026
Vendor unknown

Description

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.

References