Description
.NET Core and Visual Studio Information Disclosure Vulnerability
A flaw was found in dotnet, where the System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the Transport Layer Security (TLS) handshake fails. This flaw allows an attacker to intercept sensitive information. The highest threat from this vulnerability is to confidentiality.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
.NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-dotnet | Not affected | | |
Red Hat Enterprise Linux 8 | dotnet3.1 | Not affected | | |
Red Hat Enterprise Linux 9 | dotnet3.1 | Not affected | | |
.NET Core on Red Hat Enterprise Linux | rh-dotnet50-dotnet | Fixed | RHSA-2021:3818 | 12.10.2021 |
Red Hat Enterprise Linux 8 | dotnet5.0 | Fixed | RHSA-2021:3819 | 12.10.2021 |
Source links
Additional information
Status: Important
Defect: CWE-319
https://bugzilla.redhat.com/show_bug.cgi?id=2011487
dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails
5.7 Medium
CVSS3
Related vulnerabilities
CVSS3: 5.7
nvd
almost 4 years ago
.NET Core and Visual Studio Information Disclosure Vulnerability
CVSS3: 5.7
msrc
almost 4 years ago
.NET Core and Visual Studio Information Disclosure Vulnerability
CVSS3: 5.7
github
almost 4 years ago
Credential Disclosure in System.DirectoryServices.Protocols
oracle-oval
almost 4 years ago
ELSA-2021-3819: .NET 5.0 security and bugfix update (IMPORTANT)