CVE-2021-41355

CVSS v2.0

6.1

Medium

Vector

AV:A/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions System.DirectoryServices.Protocols version 5.0.0

Description A information disclosure issue exists where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux. This could allow a remote attacker to disclose protected information.

Recommendations For System.DirectoryServices.Protocols version 5.0.0, update to version 5.0.1 to resolve the issue. As a temporary workaround, consider restricting the use of System.DirectoryServices.Protocols on Linux systems until the update is applied. Avoid using the LdapConnection class in sensitive applications until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALSA-2021:3819

ALT-PU-2022-1269

ALT-PU-2022-1270

ALT-PU-2022-1272

ALT-PU-2022-1357

ALT-PU-2022-1358

ALT-PU-2022-1360

ALT-PU-2022-1544

ALT-PU-2022-1545

BDU:2023-06550

BIT-DOTNET-2021-41355

BIT-DOTNET-SDK-2021-41355

BIT-POWERSHELL-2021-41355

CESA-2021_3819

CVE-2021-41355

GHSA-9CXH-GQPX-QC5M

RHSA-2021:3818

RHSA-2021:3819

RHSA-2021_3819

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

System.Directoryservices.Protocols

CVE-2021-41355

Weakness Enumeration

Related Identifiers

Affected Products

References · 22