Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-9cxh-gqpx-qc5m

GitHub Security Advisory

Credential Disclosure in System.DirectoryServices.Protocols

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on Linux.

### Patches
Any .NET application that uses `System.DirectoryServices.Protocols` with a vulnerable version listed below on system based on Linux.

Package name | Vulnerable versions | Secure versions
------------ | ---------------- | -------------------------
System.DirectoryServices.Protocols | 5.0.0 | 5.0.1

### Other Details

- Announcement for this issue can be found at dotnet/announcements#202
- An Issue for this can be found at https://github.com/dotnet/runtime/issues/60301
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-41355

Affected Packages

NuGet System.DirectoryServices.Protocols
Affected versions: 0 (fixed in 5.0.1)

Related CVEs

CVE-2021-41355

Key Information

GHSA ID
GHSA-9cxh-gqpx-qc5m
Published
October 12, 2021 5:49 PM
Last Modified
February 8, 2022 8:42 PM
CVSS Score
5.0 /10
Primary Ecosystem
NuGet
Primary Package
System.DirectoryServices.Protocols
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.