[WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

To: bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx
Subject: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps
From: "AKS aka (0kn0ck)" <0kn0ck@xxxxxxxxxxxx>
Date: Mon, 03 Dec 2007 13:27:12 -0800
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.7 (Windows/20060909)

Hi

The LDAP garbage dump that remains on web server results in informationdisclosure. Securityof LDAP may be compromised, if for instance a search engine crawlsthrough untamed directorieson the web server and finds information through the ldap.xml file. Thistype of harvesting attack isalso termed “static information leveraging attack.” This articleprovides methods for dealing with

this type of attack and clarifying how to secure LDAP

Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
Aks aka 0kn0ck
http://www.secniche.org

Prev by Date: Re: SQL Injection in saphp "showcat.php"
Next by Date: PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
Previous by thread: [SECURITY] [DSA 1418-1] New cacti packages fix SQL injection
Next by thread: PR06-11: BEA Plumtree portal search facility leaks usernames to unauthenticated users
Index(es):
- Date
- Thread