|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps
From: AKS aka (0kn0ck) (0kn0ck
secniche.org)
Date: Mon Dec 03 2007 - 15:27:12 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi
The LDAP garbage dump that remains on web server results in information
disclosure. Security
of LDAP may be compromised, if for instance a search engine crawls
through untamed directories
on the web server and finds information through the ldap.xml file. This
type of harvesting attack is
also termed “static information leveraging attack.” This article
provides methods for dealing with
this type of attack and clarifying how to secure LDAP
Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf
Regards
Aks aka 0kn0ck
http://www.secniche.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]