389 Directory Server PBKDF2-SHA256 Password Storage Plugin Unbounded Iteration Count Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in 389 Directory Server versions 1.3.6 and later. The issue lies in the PBKDF2-SHA256 password storage plugin, which does not bound the iteration count it reads back from a stored password hash. A privileged attacker with Directory Manager rights can therefore plant a crafted PBKDF2 hash carrying an extremely high iteration count. When that hash is evaluated during authentication, the key derivation consumes excessive CPU, worker threads hang for hours, and service for legitimate users is disrupted.

Impact

Exploitation of this vulnerability causes unbounded CPU consumption during authentication, leading to a persistent denial-of-service condition. The poisoned hash remains in the database, causing repeated resource exhaustion on every bind operation for the affected account.

Reproduction

The vulnerability can be reproduced by a privileged user with Directory Manager access. After a crafted PBKDF2-SHA256 hash with an excessive iteration count has been planted in a user's password attribute, any subsequent LDAP bind as that account triggers the denial-of-service condition by consuming excessive CPU. This behavior can be confirmed on systems running Fedora 42 with the production version of 389 Directory Server.

Remediation

To mitigate this vulnerability, disable the 'nsslapd-allow-hashed-passwords' option to prevent non-Directory Manager users from setting pre-hashed passwords. It is also advisable to restrict Directory Manager access to management networks and to monitor for unusual password hash modifications and for bind operations that take far longer than normal, either of which could indicate exploitation.
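The following is an added example, not code from 389 Directory Server or from this advisory. It places the unbounded verification pattern next to a verifier that refuses out-of-policy iteration counts before doing any key derivation, and adds a parse-only audit that flags suspect values in an export of stored passwords. The '{PBKDF2-SHA256}iterations$salt$hash' layout, the 1,000,000 cap and the sample entries are assumptions made for illustration, not the server's real storage format or settings.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{PBKDF2-SHA256}"
MAX_ITERATIONS = 1_000_000  # assumed site policy cap, not a 389-ds setting


def make_hash(password, iterations, salt=None):
    """Build a stored value in the assumed layout (used here only to create fixtures)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "%s%d$%s$%s" % (PREFIX, iterations,
                           base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def parse_hash(stored):
    """Split the assumed layout into (iterations, salt, digest); ValueError on anything else."""
    if not stored.startswith(PREFIX):
        raise ValueError("not a PBKDF2-SHA256 value")
    iters_s, salt_b64, digest_b64 = stored[len(PREFIX):].split("$")
    return int(iters_s), base64.b64decode(salt_b64), base64.b64decode(digest_b64)


def verify_unbounded(password, stored):
    """The flawed pattern: whatever count the stored value carries is honoured."""
    iterations, salt, digest = parse_hash(stored)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, len(digest))
    return hmac.compare_digest(candidate, digest)


def verify_bounded(password, stored):
    """Hardened pattern: reject the value before any KDF work if the count is outside policy."""
    iterations, salt, digest = parse_hash(stored)
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count %d outside 1..%d" % (iterations, MAX_ITERATIONS))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, len(digest))
    return hmac.compare_digest(candidate, digest)


def audit_hashes(entries):
    """Return the DNs whose stored value verify_bounded would refuse.

    Only parses; it never runs the KDF, so a poisoned entry cannot stall the audit itself.
    """
    flagged = []
    for dn, stored in entries.items():
        try:
            iterations, _, _ = parse_hash(stored)
        except ValueError:
            continue  # other password schemes are out of scope for this check
        if not 1 <= iterations <= MAX_ITERATIONS:
            flagged.append(dn)
    return flagged
```

Run audit_hashes over a dump of the password attribute after any suspected Directory Manager misuse; a hit is worth treating as an incident even if no bind has stalled yet.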

Added: Jun 9, 2026, 3:16 PM
Updated: Jun 9, 2026, 3:16 PM

Vulnerability Rating (custom algorithm)

spread: 2.6
impact: 2.5
exploitability: 5.8
remediation: 8.3
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.