Pierre Carrier of airbnb reports:
The net-ldap gem generates SSHA passwords with a salt value between
"0" and "999", providing slightly less than 10 bits of entropy.
Red Hat would like to thank Pierre Carrier of airbnb for reporting this issue.
Not vulnerable. This issue did not affect the versions of rubygem-net-ldap as shipped with Red Hat Subscription Asset Manager, CloudForms Management Engine and Red Hat OpenStack 3 and 4 as they did not include support for the password salting feature.
Fixed in commit: