List: oss-security
Subject: [oss-security] CVE-2021-33900: Apache Directory Studio: StartTLS and SASL confidentiality protection
From: Stefan Seelmann <seelmann () apache ! org>
Date: 2021-07-24 9:23:16
Message-ID: 7b9ad310-d697-ba48-be22-4d85b77a205a () apache ! org
Severity: high
Description:
While investigating DIRSTUDIO-1219 it was noticed that configured
StartTLS encryption was not applied when any SASL authentication
mechanism (DIGEST-MD5, GSSAPI) was used. While investigating
DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality
layer was not applied. This issue affects Apache Directory Studio
version 2.0.0.v20210213-M16 and prior versions.
Mitigation:
This issue was fixed in 2.0.0.v20210717-M17. All users using SASL are
recommended to upgrade to Apache Directory Studio 2.0.0.v20210717-M17.
Credit:
Apache Directory would like to thank Hugh Cole-Baker for reporting this
issue.
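
The check below is an added example, not part of the original message and not Apache Directory code: it audits the ordered client-to-server payloads of one LDAP connection (for instance from a packet capture) and flags a SASL or simple bind that is readable on the wire before any TLS handshake, which is what StartTLS not being applied looks like to an observer. The function names and the sample payloads are constructed for illustration, and it covers only the StartTLS half of the advisory, not the SASL confidentiality layer.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511

def tlv(tag, value):
    """Encode one BER TLV (short-form length only, enough for the samples)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the definite-length TLV at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: the next n bytes hold the length
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def classify(payload):
    """Name what one client-to-server payload is, judged by its leading bytes."""
    try:
        if payload[0] == 0x16 and payload[1] == 0x03:
            return "tls-handshake"
        if payload[0] != 0x30:  # not an LDAPMessage SEQUENCE
            return "opaque"
        _, start, _ = read_tlv(payload, 0)
        _, _, id_end = read_tlv(payload, start)  # messageID
        op, op_start, op_end = read_tlv(payload, id_end)  # protocolOp
        if op == 0x77:  # ExtendedRequest [APPLICATION 23]
            body = payload[op_start:op_end]
            return "starttls-request" if STARTTLS_OID in body else "extended-request"
        if op == 0x60:  # BindRequest [APPLICATION 0]
            _, _, ver_end = read_tlv(payload, op_start)  # version
            _, _, name_end = read_tlv(payload, ver_end)  # bind DN
            return "sasl-bind" if payload[name_end] == 0xA3 else "simple-bind"
        return "ldap-other"
    except IndexError:
        return "opaque"

def audit(stream):
    """Flag every bind that is readable before a TLS handshake was seen."""
    tls_seen, findings = False, []
    for i, payload in enumerate(stream):
        kind = classify(payload)
        tls_seen = tls_seen or kind == "tls-handshake"
        if kind.endswith("-bind") and not tls_seen:
            findings.append((i, kind + " sent without TLS"))
    return findings

# Constructed sample payloads (not captured traffic).
SASL_BIND = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
                + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"DIGEST-MD5"))))
STARTTLS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))
TLS_HELLO = bytes.fromhex("16030100050100000100")
TLS_DATA = bytes.fromhex("1703030002aabb")
```

Once a TLS handshake is seen, later payloads are TLS records and classify as opaque, so a connection that did negotiate StartTLS yields no findings.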