Lucene search
ApacheCVELIST:CVE-2021-33900HistoryJul 26, 2021 - 7:05 a.m.
CVE-2021-33900 StartTLS and SASL confidentiality protection bypass
2021-07-2607:05:10
CWE-311
apache
www.cve.org
0.001 Low
EPSS
Percentile
21.8%
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.
CNA Affected
[
{
"product": "Apache Directory Studio",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.0.v20210213-M16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
github
github
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
cve
cve
CVE-2021-33900
2021-07-26 07:15:07
veracode
veracode
Confidentiality Protection Bypass
2021-08-11 08:49:38
nvd
nvd
CVE-2021-33900
2021-07-26 07:15:07
prion
prion
Authentication flaw
2021-07-26 07:15:00
ubuntucve
ubuntucve
CVE-2021-33900
2021-07-26 00:00:00
osv
osv
Missing encryption in Apache Directory Studio
2021-08-09 20:40:53
CVE-2021-33900
2021-07-26 07:15:07