directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Seelmann <>
Subject CVE-2021-33900: Apache Directory Studio: StartTLS and SASL confidentiality protection bypass
Date Sat, 24 Jul 2021 09:19:52 GMT
Severity: high


While investigating DIRSTUDIO-1219 it was noticed that configured
StartTLS encryption was not applied when any SASL authentication
mechanism (DIGEST-MD5, GSSAPI) was used. While investigating
DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality
layer was not applied. This issue affects Apache Directory Studio
version 2.0.0.v20210213-M16 and prior versions.


This issue was fixed in 2.0.0.v20210717-M17. All users using SASL are
recommended to upgrade to Apache Directory Studio 2.0.0.v20210717-M17.


Apache Directory would like to thank Hugh Cole-Baker for reporting this

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message