CVE-2021-33900: Missing Encryption of Sensitive Data

August 9, 2021 (updated August 10, 2021)

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

References

github.com/advisories/GHSA-4x25-f45x-grv5
nvd.nist.gov/vuln/detail/CVE-2021-33900

Code Behaviors & Features

Detect and mitigate CVE-2021-33900 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →