[DIRSERVER-2078] High Security Vulnerabilities Found when using LDAPs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Problem
Affects Version/s: 2.0.0-M20
Fix Version/s: None
Component/s: ldap
Labels:
- security
Environment:
Server 2008 R2, Java 8

Flags:

Important

Description

Recent internal Qualys vulnerability scans are reporting High Security vulnerabilities when using LDAPs. I have searched through the documentation and cannot find any remediation to these issues.

Currently have LDAPs enabled, TLS enabled and Server Side password hashing enabled. Allow anonymous access is disabled

Issues found
1. SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
2. SSL Server Allows Anonymous Authentication Vulnerability
3. SSL Server Allows Cleartext Communication Vulnerability

Any help would be appreciated.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FREAK.JPG
30/Jun/15 17:39
72 kB
KobieIT
ClearText.JPG
30/Jun/15 17:39
128 kB
KobieIT
Anonymous.JPG
30/Jun/15 17:38
115 kB
KobieIT

Activity

People

Assignee:: Unassigned

Reporter:: KobieIT

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Jun/15 15:10

Updated:: 06/Jun/19 13:44

Resolved:: 06/Jun/19 13:44