CVE-2021-33900
N/A
N/A
Summary
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Directory Studio | unspecified <= 2.0.0.v20210213-M16 | affected |
Weaknesses
- CWE-311: CWE-311 Missing Encryption of Sensitive Data
Workarounds
This issue was fixed in 2.0.0.v20210717-M17. All users using SASL are recommended to upgrade to Apache Directory Studio 2.0.0.v20210717-M17.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.