33 lines
1.1 KiB
YAML
33 lines
1.1 KiB
YAML
id: ldap-anonymous-login
|
|
|
|
info:
|
|
name: LDAP Server NULL Bind Connection Information Disclosure
|
|
author: s0obi
|
|
severity: medium
|
|
description: The remote LDAP server allows anonymous access
|
|
remediation: Configure the service to disallow NULL BINDs.
|
|
reference:
|
|
- https://ldap.com/ldapv3-wire-protocol-reference-bind
|
|
- https://www.mowasay.com/2016/01/windows-how-do-i-disable-or-enable-anonymous-ldap-binds-to-windows-server-2008-r2-active-directory-ad/
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cwe-id: CWE-284
|
|
metadata:
|
|
max-request: 1
|
|
tags: network,ldap,default-login,tenable,tcp
|
|
tcp:
|
|
- inputs:
|
|
- data: 300c020101600702010304008000
|
|
type: hex
|
|
|
|
host:
|
|
- "{{Hostname}}"
|
|
port: 389
|
|
read-size: 1024
|
|
|
|
matchers:
|
|
- type: binary
|
|
binary:
|
|
- "300c02010161070a010004000400"
|
|
# digest: 4b0a00483046022100ab130aa5c44fff5b34f84a132eda6c1ed418f9acffec6d5ac299284793ea9fb7022100e8e3985fba903734c92eded7f2f184da05761ab09d1d094a9f5a4a2519b505a8:922c64590222798bb761d5b6d8e72950 |