Fedora Account System
Red Hat Associate
Red Hat Customer
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function pbkdf2_sha256_pw_cmp() in ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c uses standard memcmp() for hash comparison instead of the project's constant-time slapi_ct_memcmp(). Every other password storage scheme in the same plugin uses slapi_ct_memcmp(), which was introduced specifically to prevent timing side-channels (see CVE-2016-5405). This inconsistency allows a remote attacker with network access to the LDAP service to potentially infer partial hash information through repeated timing measurements of LDAP bind attempts. Practical exploitation is extremely difficult due to the PBKDF2 work factor (8192+ iterations, ~2ms computation time) which dominates and masks the nanosecond-level memcmp timing delta.