CVE-2021-33900

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Directory Studio versions prior to 2.0.0.v20210213-M16

Description The issue is related to the absence of protection for service data. An attacker could exploit this to disclose protected information. The problem arises when configured StartTLS encryption is not applied with SASL authentication mechanisms like DIGEST-MD5 and GSSAPI, and when any configured SASL confidentiality layer is not applied.

Recommendations For versions prior to 2.0.0.v20210213-M16, update to a version that includes the fix for this issue to ensure that StartTLS encryption and SASL confidentiality layers are properly applied. As a temporary workaround, consider restricting the use of SASL authentication mechanisms until a patch is available.

Fix

Information Disclosure

Cleartext Transmission of Sensitive Information

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-319CWE-311

Related Identifiers

BDU:2021-04477

CVE-2021-33900

GHSA-4X25-F45X-GRV5

Affected Products

Apache Directory Studio

CVE-2021-33900

Weakness Enumeration

Related Identifiers

Affected Products

References · 11