Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

LDAP allows anonymous binds

from [PJ Bender] Network Security [Permanent Link]
Subject: LDAP allows anonymous binds
Date: Tue, 13 Nov 2007 09:30:15 -0800 
Hi,
  When Nessus was run against our two Domain Controllers, we received the 
following report:
Synopsis: It is possible to disclose LDAP information.

Description: Improperly configured LDAP servers will allow any user to connect 
to
the server and query it for information. 

Solution: Disable NULL BIND on your LDAP server

Risk Factor : Medium / CVSS Base Score : 5.0 
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE : CVE-1999-0385
BID : 503
Now when we look for a method to disable the null bind on out LDAP server, we 
are directed to a Microsoft update for MS Exchange 5.5.  Since, we do use 
Exchange 5.5, I  don't think it is this problem.
Can someone let me know where I can go to find a method(s) to disable the null 
bind on my Windows 2003 LDAP server(s)?
Thank you
 
 
P. J.

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nikto on Nessus 3 Client?, Ramos, Jaime J.
Next by Date:  Re: Nikto on Nessus 3 Client?, George A. Theall
Previous by Thread:  Vista and MS06-035, MS06-040, Doty, Timothy T.
Next by Thread:  Re: LDAP allows anonymous binds, George A. Theall
Indexes:  [Date] [Thread] [Top] [All Lists]