LDAP Server NULL Bind Connection Information Disclosure
Medium Nessus Plugin ID 10723
Synopsis
The remote LDAP server allows anonymous access.
Description
The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND' - and query it for information. Although the queries that are allowed are likely to be fairly restricted, this may result in disclosure of information that an attacker could find useful.
This plugin does not identify servers that use LDAP v3 since anonymous access -- a 'NULL BIND' -- is required by that version of the protocol.
Solution
Configure the service to disallow NULL BINDs.
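To confirm the fix on a server you administer, the sketch below (an added example, not the plugin's own code) encodes the NULL BIND described above as an LDAP simple bind with an empty DN and empty password, and decodes the result code from the server's BindResponse. The function names and the two sample responses are constructed for illustration; result codes 0 (success) and 48 (inappropriateAuthentication) are the standard LDAP values.

```python
# Added example. The sample responses at the bottom are constructed, not captured.
SUCCESS, INAPPROPRIATE_AUTH = 0, 48          # standard LDAP result codes

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element; short-form length covers these small messages."""
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def build_anonymous_bind(message_id: int = 1, version: int = 2) -> bytes:
    """LDAPMessage { messageID, BindRequest { version, name "", simple "" } }."""
    bind = tlv(0x60,                          # [APPLICATION 0] BindRequest
               tlv(0x02, bytes([version]))    # INTEGER protocol version
               + tlv(0x04, b"")               # OCTET STRING: empty bind DN
               + tlv(0x80, b""))              # [0] simple auth: empty password
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)

def read_tlv(buf: bytes, pos: int):
    """Decode one BER element at pos; returns (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes) -> int:
    """Return the resultCode carried in an LDAP BindResponse message."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)              # skip messageID
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                           # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op, 0)
    if tag != 0x0A or not code:               # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def null_bind_allowed(response: bytes) -> bool:
    return parse_bind_response(response) == SUCCESS

ACCEPTED = bytes.fromhex("300c02010161070a010004000400")  # constructed: code 0
REFUSED = bytes.fromhex("300c02010161070a013004000400")   # constructed: code 48
```

Once NULL BINDs are disallowed, the server's reply to this request should no longer decode as success; the exact refusal code depends on the server product.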