It was discovered that System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if the TLS handshake failed. An attacker could exploit this to potentially intercept sensitive information.
This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2021:3818 https://access.redhat.com/errata/RHSA-2021:3818
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3819 https://access.redhat.com/errata/RHSA-2021:3819
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-41355