  1. Directory ApacheDS
  2. DIRSERVER-2078

High Security Vulnerabilities Found when using LDAPs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: 2.0.0-M20
    • Fix Version/s: None
    • Component/s: ldap
    • Labels:
    • Environment:
      Server 2008 R2, Java 8
    • Flags:
      Important

      Description

      Recent internal Qualys vulnerability scans are reporting High Security vulnerabilities when using LDAPs. I have searched through the documentation and cannot find any remediation to these issues.

      Currently have LDAPs enabled, TLS enabled and Server Side password hashing enabled. Allow anonymous access is disabled.

      Issues found
      1. SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
      2. SSL Server Allows Anonymous Authentication Vulnerability
      3. SSL Server Allows Cleartext Communication Vulnerability

      Any help would be appreciated.

        Attachments

        1. Anonymous.JPG
          115 kB
          Tyler Neemann
        2. ClearText.JPG
          128 kB
          Tyler Neemann
        3. FREAK.JPG
          72 kB
          Tyler Neemann

            People

            • Assignee:
              Unassigned
              Reporter:
              kobie Tyler Neemann
            • Votes:
              0
              Watchers:
              2
