Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-2078

High Security Vulnerabilities Found when using LDAPs

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Not A Problem
    • 2.0.0-M20
    • None
    • ldap
    • Server 2008 R2, Java 8
    • Important

    Description

      Recent internal Qualys vulnerability scans are reporting High Security vulnerabilities when using LDAPs. I have searched through the documentation and cannot find any remediation to these issues.

      Currently have LDAPs enabled, TLS enabled and Server Side password hashing enabled. Allow anonymous access is disabled

      Issues found
      1. SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
      2. SSL Server Allows Anonymous Authentication Vulnerability
      3. SSL Server Allows Cleartext Communication Vulnerability

      Any help would be appreciated.

      Attachments

        1. Anonymous.JPG
          115 kB
          KobieIT
        2. ClearText.JPG
          128 kB
          KobieIT
        3. FREAK.JPG
          72 kB
          KobieIT

        Activity

          People

            Unassigned Unassigned
            kobie KobieIT
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: