
Insecure authentication method - LDAP

Description

The use of LDAP software in its current state is not suitable as an authentication service. LDAP is an active directory; this means that the LDAP server is constantly being inundated with new queries, whereas an authentication service should never have more traffic than necessary. Passwords can be sent over networks in plain text. Although v3 of the protocol allows TLS sessions, the use of such security has not fully carried over, because historic security policies rely on the obsolete SSL-session method, which can be easily compromised by SSL certificate spoofing.

Impact

A DoS attack that exploits the TCP three-way handshake required to initialize a connection to an LDAP server.

Recommendation

  • LDAP must incorporate the use of SSL to encrypt traffic containing plain-text passwords.
  • Bind all blind authentication connections to a second physical LDAP server that is a clone of the directory tree for the scope of a blind authentication.
  • If allowing connections from the Internet, only allow blind authentication.
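The first recommendation, together with the certificate-spoofing caveat in the description, maps onto two concrete client-side settings: whether the directory URI uses a cleartext `ldap://` channel, and whether `TLS_REQCERT` forces the server certificate to be verified. The checker below is an added example, not code from the original page or from Fluid Attacks; it audits an OpenLDAP-style client `ldap.conf` for exactly those two weaknesses. The two configuration samples are constructed for illustration, and the `starttls_enforced` parameter is an assumption of this example (ldap.conf has no directive that forces StartTLS; that is decided per client, e.g. `ldapsearch -ZZ`), so the caller has to state it.

```python
import re
from urllib.parse import urlsplit

# Constructed example of a weak OpenLDAP client ldap.conf; not taken from a real system.
WEAK_LDAP_CONF = """\
BASE        dc=example,dc=com
URI         ldap://ldap1.example.com ldaps://ldap2.example.com
TLS_REQCERT allow
"""

# Constructed hardened counterpart: LDAPS only, trust anchor pinned, verification enforced.
HARDENED_LDAP_CONF = """\
BASE        dc=example,dc=com
URI         ldaps://ldap2.example.com
TLS_CACERT  /etc/ssl/certs/internal-ca.pem
TLS_REQCERT demand
"""

# TLS_REQCERT values under which a session may proceed without a valid server certificate
WEAK_REQCERT = {"never", "allow", "try"}


def parse_ldap_conf(text: str) -> dict[str, str]:
    """Parse 'DIRECTIVE value' lines; a later duplicate directive overrides an earlier one."""
    conf: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        if len(parts) == 2:
            conf[parts[0].upper()] = parts[1]
    return conf


def audit_ldap_conf(text: str, starttls_enforced: bool = False) -> list[str]:
    """Return findings about cleartext binds and unverified TLS.

    starttls_enforced (assumption of this example, not an ldap.conf option):
    whether every client is forced to upgrade ldap:// connections with StartTLS.
    """
    conf = parse_ldap_conf(text)
    findings: list[str] = []
    uses_tls = starttls_enforced

    for uri in conf.get("URI", "").split():
        scheme = urlsplit(uri).scheme.lower()
        if scheme == "ldaps":
            uses_tls = True
        elif scheme == "ldap" and not starttls_enforced:
            # Simple bind over plain ldap:// carries the password in cleartext.
            findings.append(f"{uri}: simple binds send the password in cleartext")
        # ldapi:// is a local Unix socket and never crosses the network.

    # TLS_REQCERT defaults to 'demand' when the directive is absent.
    reqcert = conf.get("TLS_REQCERT", "demand").lower()
    if reqcert in WEAK_REQCERT:
        findings.append(f"TLS_REQCERT {reqcert}: server certificate not verified, spoofable")

    if uses_tls and "TLS_CACERT" not in conf:
        findings.append("no TLS_CACERT: trust anchor not pinned to the internal CA")

    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_LDAP_CONF), ("hardened", HARDENED_LDAP_CONF)):
        print(f"[{label}]")
        for finding in audit_ldap_conf(conf) or ["no findings"]:
            print("  -", finding)
```

Running the block prints three findings for the weak configuration (a cleartext URI, a permissive `TLS_REQCERT`, and no pinned CA) and none for the hardened one; passing `starttls_enforced=True` removes only the cleartext finding, because StartTLS on its own does nothing about an unverified server certificate.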

Threat

Unauthorized attacker from intranet.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the source.

Base

  • Attack vector: N
  • Attack complexity: H
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: L

Temporal

  • Exploit code maturity: P
  • Remediation level: O
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:X
  • Score:
    • Base: 5.6
    • Temporal: 5.1
  • Severity:
    • Base: Medium
    • Temporal: Medium

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the source.

Base 4.0

  • Attack vector: N
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): L
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Result 4.0

  • Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
  • Score:
    • CVSS-BT: 2.9
  • Severity:
    • CVSS-BT: Low

Requirements

Fixes
