CVE-2021-33900

CVE-2021-33900: StartTLS and SASL confidentiality protection bypass

Vendor Apache Software Foundation
Product Apache Directory Studio
Weakness CWE-311 · Missing encryption
Published July 26, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

Key dates

02Disclosure timeline

July 26, 2021 CVE published
August 4, 2024 Record updated