This script is Copyright (C) 2001-2012 Tenable Network Security, Inc.
The remote LDAP server allows anonymous access.
The LDAP server on the remote host is currently configured such that a
user can connect to it without authentication - via a 'NULL BIND' -
and query it for information. Although the queries that are allowed
are likely to be fairly restricted, this may result in disclosure of
information that an attacker could find useful.
This plugin does not identify servers that use LDAP v3 since
anonymous access -- a 'NULL BIND' -- is required by that version
of the protocol.
Configure the service to disallow NULL BINDs.
Risk factor :
Medium / CVSS Base Score : 5.0
Nessus Plugin ID: 10723 (ldap_null_bind.nasl)
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.