| VID |
23017 |
| Severity |
30 |
| Port |
389 |
| Protocol |
TCP |
| Class |
LDAP |
| Detailed Description |
The LDAP server is improperly configured and allows anonymous binds. The NULL bind entry allows a user to access the LDAP directory as anonymous. An attacker could take advantage of the NULL bind entry to anonymously view files in the LDAP directory.
* References:
http://www.iss.net/security_center/static/1424.php |
| Recommendation |
Disable the NULL BIND entry or control the entry with Access Control Lists (ACL). |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
