Bug 2498023 - CVE-2026-15041 389-ds-base: 389-ds-base: Non-constant-time comparison in PBKDF2-SHA256 password verification [fedora-all]
Summary: CVE-2026-15041 389-ds-base: 389-ds-base: Non-constant-time comparison in PBKD...
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: 389-ds-base
Version: rawhide
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
Assignee: mreynolds
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["de4fadec-ed8c-4f57-9b38-1...
Depends On:
Blocks: CVE-2026-15041
TreeView+ depends on / blocked
 
Reported: 2026-07-08 10:11 UTC by Samuele Negrini
Modified: 2026-07-08 10:11 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:
fedora-admin-xmlrpc: mirror+


Attachments (Terms of Use)

Description Samuele Negrini 2026-07-08 10:11:05 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function pbkdf2_sha256_pw_cmp() in ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c uses standard memcmp() for hash comparison instead of the project's constant-time slapi_ct_memcmp(). Every other password storage scheme in the same plugin uses slapi_ct_memcmp(), which was introduced specifically to prevent timing side-channels (see CVE-2016-5405). This inconsistency allows a remote attacker with network access to the LDAP service to potentially infer partial hash information through repeated timing measurements of LDAP bind attempts. Practical exploitation is extremely difficult due to the PBKDF2 work factor (8192+ iterations, ~2ms computation time) which dominates and masks the nanosecond-level memcmp timing delta.


Note You need to log in before you can comment on or make changes to this bug.