<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

From: AKS aka (0kn0ck) <0kn0ck_at_secniche.org>
Date: Mon, 03 Dec 2007 13:27:12 -0800

Hi

The LDAP garbage dump that remains on web server results in information
disclosure. Security
of LDAP may be compromised, if for instance a search engine crawls
through untamed directories
on the web server and finds information through the ldap.xml file. This
type of harvesting attack is
also termed “static information leveraging attack.” This article
provides methods for dealing with
this type of attack and clarifying how to secure LDAP

Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
Aks aka 0kn0ck
http://www.secniche.org
Received on Dec 03 2007

This message: [ Message body ]
Next message: Milen Rangelov: "sing (debian) vunlerability?"
Previous message: security curmudgeon: "Re: SQL Injection in saphp "showcat.php""

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos