Date: Mon, 03 Dec 2007 13:27:12 -0800
From: "AKS aka (0kn0ck)" <0kn0ck@secniche.org.>
To: [email protected], [email protected]
Subject: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

Hi,

The LDAP garbage dump that remains on a web server results in information disclosure. Security of LDAP may be compromised if, for instance, a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file. This type of harvesting attack is also termed "static information leveraging attack." This article provides methods for dealing with this type of attack and clarifying how to secure LDAP.

Read it at:
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf
Regards
Aks aka 0kn0ck
http://www.secniche.org