Tyler Neemann created DIRSERVER-2078:
----------------------------------------
Summary: High Security Vulnerabilities Found when using LDAPs
Key: DIRSERVER-2078
URL: https://issues.apache.org/jira/browse/DIRSERVER-2078
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap
Affects Versions: 2.0.0-M20
Environment: Server 2008 R2, Java 8
Reporter: Tyler Neemann
Recent internal Qualys vulnerability scans are reporting High Security
vulnerabilities when using LDAPs. I have searched through the documentation and
cannot find any remediation to these issues.
Currently have LDAPs enabled, TLS enabled and Server Side password hashing
enabled. Allow anonymous access is disabled.
Issues found:
1. SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
2. SSL Server Allows Anonymous Authentication Vulnerability
3. SSL Server Allows Cleartext Communication Vulnerability
Any help would be appreciated.
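An added example, not part of the original report or of ApacheDS: a small audit that sorts an enabled cipher suite list into the three findings named above, using JSSE-style suite names. The mapping from each finding to a suite-name pattern and the sample list are assumptions made for illustration.

```python
import re
# Finding titles are copied from the scan report; the name-matching rules are
# this example's assumption about which suites raise each finding.
FINDINGS = {
    "FREAK": "SSL/TLS Server Factoring RSA Export Keys (FREAK)",
    "ANON": "SSL Server Allows Anonymous Authentication",
    "CLEARTEXT": "SSL Server Allows Cleartext Communication",
}
# JSSE-style name: <TLS|SSL>_<key exchange/auth>_WITH_<cipher>_<mac>
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<cipher>.+)$")

def classify(suite):
    """Return the finding keys a cipher suite name would raise."""
    m = SUITE_RE.match(suite)
    if not m:  # signalling values such as TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        return set()
    kx = m.group("kx").split("_")
    cipher = m.group("cipher").split("_")
    hits = set()
    if "EXPORT" in kx:       # RSA_EXPORT is the FREAK case; all export-grade
        hits.add("FREAK")    # suites are grouped under it here (assumption)
    if "anon" in kx:         # DH_anon / ECDH_anon: no server certificate
        hits.add("ANON")
    if cipher[0] == "NULL":  # NULL bulk cipher: no encryption of the payload
        hits.add("CLEARTEXT")
    return hits

def audit(enabled):
    """Return (report, keep): flagged suites per finding, and the rest."""
    report = {key: [] for key in FINDINGS}
    keep = []
    for suite in enabled:
        hits = classify(suite)
        for key in hits:
            report[key].append(suite)
        if not hits:  # raises none of the three; other weaknesses not checked
            keep.append(suite)
    return report, keep

# Constructed sample, not taken from the reporter's server.
SAMPLE_ENABLED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_NULL_SHA",
    "TLS_ECDH_anon_WITH_NULL_SHA", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]

if __name__ == "__main__":
    report, keep = audit(SAMPLE_ENABLED)
    print(report, keep)
```

The `keep` list only excludes suites matching the three findings; it is not a general strength check, so the result still needs review against current cipher guidance.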