Static initialization vector in AES-CBC/3DES-CBC attribute encryption
Summary
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks. This does not enable direct plaintext recovery but allows ciphertext comparison across entries sharing the same attribute value. Exploiting this requires privileged read access to the raw database files on disk, which on Red Hat Enterprise Linux are owned by the dirsrv user with mode 0700. An attacker with this level of access can typically obtain attribute values through more direct means, such as querying LDAP as Directory Manager. The practical risk is limited to scenarios where database files are exposed without the corresponding encryption keys, such as stolen backups. Red Hat rates this Moderate: impact is limited to Confidentiality (C:H) with no Integrity or Availability impact, and exploitation requires local access (AV:L) with high privileges (PR:H). Red Hat severity: Moderate — CVSS 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-329.
Mitigation checklist
- Disable attribute encryption if it is not required for the deployment. If attribute encryption is required, restrict filesystem access to the LDBM database directory (/var/lib/dirsrv/slapd-<instance>/db/) to ensure only authorized administrators can read database files.
Official advisory · high-confidence parse· fetched 34 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.