Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux.
Any .NET application that uses System.DirectoryServices.Protocols
with a vulnerable version listed below on system based on Linux.
Package name | Vulnerable versions | Secure versions |
---|---|---|
System.DirectoryServices.Protocols | 5.0.0 | 5.0.1 |
github.com/dotnet/runtime
github.com/dotnet/runtime/issues/60301
github.com/dotnet/runtime/security/advisories/GHSA-9cxh-gqpx-qc5m
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355
nvd.nist.gov/vuln/detail/CVE-2021-41355
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41355
www.oracle.com/security-alerts/cpujan2022.html