Release date:
Updated on:
Affected Systems:
Google Apps Directory Sync <= 3.1.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58840
Google Apps Directory Sync is an Active Directory synchronization tool that automatically configures user, group, and non-employee contacts based on user data on LDAP servers (such as Microsoft Active Directory or Lotus Domino.
A security vulnerability exists in Java Encryption Algorithm Implementation in versions earlier than Google Apps Directory Sync 3.1.6. Attackers can exploit this vulnerability to decrypt the stored creden。 into plain text to obtain sensitive information.
<* Source: Nathaniel Carew
Link: http://osvdb.org/91982
Http://seclists.org/bugtraq/2013/Apr/14
Http://xforce.iss.net/xforce/xfdb/83206
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.google.com/a/bin/answer.py? Hl = zh-Hans & answer = 106368