Penetration Testing mailing list archives
Re: LDAP directory
From: Archive User <archive () xpedite com>
Date: Thu, 2 Aug 2001 01:28:19 -0400 (EDT)
Peter, The weakness of any ldap system is the acl's. Most acl's for ldap system are complicated enough that many people give to much privledge in the hope of getting things working. You will need to determine what users have valid accounts on the ldap system for administrative access. The default account for openldap is "cn=Manager,dc=example,dc=com" and password is secret. I would imagine most folks change the password and dc=example,dc=com but leave manager as the cn. See http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control for detailed info on openldaps acl system. A brute force password attack could work easily against the server since there are no delays built into the protocol/server as far as I am aware. The attack would obviously be logged. Once you can bind as any authenticated user you should investigate what your acl privlages are. You might find that you can do things you shouldnt be able to as a normal user. Mike On Wed, 1 Aug 2001, Peter Raven wrote:
Hi there, does anyone have good starting points for pen-testing an LDAP directory server? I'm looking for a threat analyses, security checklists, tools and personal experiences especially on the LDAP service; not on the operating system. Thanks and greetings Peter
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- LDAP directory Peter Raven (Aug 01)
- Re: LDAP directory Archive User (Aug 02)
- RE: LDAP directory BUGTRAQ (Aug 02)
- RE: LDAP directory Sacha Faust (Aug 05)
- <Possible follow-ups>
- RE: LDAP directory Stephen Murphy (Aug 02)
- RE: LDAP directory Sacha Faust (Aug 07)