CVE-2026-14969
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3D
CVSS
4.4
Medio
EPSS
0.1%
p0
KEV
—
Exploit Today
0
0-100
Publicado: 7 jul 2026 · Última mod.: 9 jul 2026 · CWE-329
0.1%EPSS · 30 días0.1%
2026-07-082026-07-16
A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.