Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-26740: Does the ADV190023 Security Advisory from Microsoft - "LDAP Channel Binding and LDAP Signing requirements for Windows" affect Centrify?

Authentication Service ,   Privilege Elevation Service ,  

5 February,20 at 03:43 PM

Question:

Does the Microsoft Security Advisory ADV190023 about enforcing LDAP Channel Binding and LDAP Signing for Windows affect Centrify?


Answer:

No, those requirements for LDAP Channel Binding and LDAP Signing from Microsoft will not affect Centrify.
 
1. LDAP channel binding (TLS/SSL) does not apply to adclient, it is using LDAP port (389), not LDAPS (636).  Adclient LDAP connection to a Domain Controller is by GSSAPI (Kerberos).  Traffic encryption is also by GSSAPI Privacy (This can be seen in a Network trace).

2. Adclient LDAP binding has always supported LDAP signing.


Additional Information: (3rd party links are provided as a courtesy and Centrify is not responsible for the availability or content in those links)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

See also:
KB-11609: Does Centrify DirectControl support Secure LDAP?

 

Related Articles

 articleKB-39695: Does vulnerability CVE-2020-1472 affect Centrify? articleCentrify Cloud 16.10 Release Notes articleCentrify 18.4 Release Notes articleCentrify 18.3 Release Notes articleCentrify 17.4 and 17.4 Hotfix Release Notes articleCentrify 17.6 and 17.6 Hotfix Release Notes article[Basics] Understanding how Active Directory Functional Levels affect Centrified Systems articleCentrify 17.10 Release Notes articleCentrify 17.3 Release Notes