Insecure authentication method - LDAP
Description
The use of LDAP software in its current state is not suitable as an authentication service. LDAP is an active directory; this means that the LDAP server is constantly being inundated with new queries, and an authentication service should never have more traffic than necessary. Passwords can be sent over the network in plain text. Although v3 of the protocol allows TLS sessions, that protection has not been fully adopted because historic security policies still rely on the obsolete SSL-session method, which can be easily compromised by SSL certificate spoofing.
Impact
A DoS attack that exploits the TCP three-way handshake required when initializing a connection to an LDAP server.
Recommendation
- Encrypt LDAP traffic with SSL/TLS so that requests carrying passwords are never sent in plain text.
- Bind all blind authentication connections to a second physical LDAP server that is a clone of the directory tree for the scope of a blind authentication.
- If allowing connections from the Internet, only allow blind authentication.
Threat
Unauthorized attacker from intranet.
Expected Remediation Time
⌚ minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the source.
Base
- Attack vector: N
- Attack complexity: H
- Privileges required: N
- User interaction: N
- Scope: U
- Confidentiality: L
- Integrity: L
- Availability: L
Temporal
- Exploit code maturity: P
- Remediation level: O
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:X
- Score:
  - Base: 5.6
  - Temporal: 5.1
- Severity:
  - Base: Medium
  - Temporal: Medium
Requirements
Fixes