| VID |
23018 |
| Severity |
30 |
| Port |
389 |
| Protocol |
TCP |
| Class |
LDAP |
| Detailed Description |
The LDAP server allows remote users to access the LDAP configuration information. This configuration information can reveal what sort of backend is being used. An attacker could use this information to access directory listings and plan further attacks.
The Lightweight Directory Access Protocol (LDAP) is designed to be a lightweight access protocol for directory services supporting X.500 models. It offers a means of searching, fetching and manipulating directory content.
* References:
http://www.iss.net/security_center/static/1421.php |
| Recommendation |
Disable the cn=config entry or allow only authorized users to view the entry. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
