Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

From: "AKS aka (0kn0ck)" <0kn0ck () secniche org>
Date: Mon, 03 Dec 2007 13:27:12 -0800
Hi
The LDAP garbage dump that remains on web server results in information disclosure. Security of LDAP may be compromised, if for instance a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file. This type of harvesting attack is also termed “static information leveraging attack.” This article provides methods for dealing with 
this type of attack and clarifying how to secure LDAP

Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
Aks aka 0kn0ck
http://www.secniche.org
Previous By Date Next
Previous By Thread Next

Current thread: