Bugtraq mailing list archives
[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps
From: "AKS aka (0kn0ck)" <0kn0ck () secniche org>
Date: Mon, 03 Dec 2007 13:27:12 -0800
HiThe LDAP garbage dump that remains on web server results in information disclosure. Security of LDAP may be compromised, if for instance a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file. This type of harvesting attack is also termed “static information leveraging attack.” This article provides methods for dealing with
this type of attack and clarifying how to secure LDAP Read it at : http://www.secniche.org/paper.html http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf Regards Aks aka 0kn0ck http://www.secniche.org
Current thread:
- [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps AKS aka (0kn0ck) (Dec 03)