Family: Remote file access --> Category: infos
LDAP allows null bases Vulnerability Scan
Vulnerability Scan Summary
Check for LDAP null base
Detailed Explanation for this Vulnerability Test
It is possible to disclose LDAP information.
Improperly configured LDAP servers will allow the directory BASE
to be set to NULL. This allows information to be culled without
any prior knowledge of the directory structure. Coupled with a
NULL BIND, an anonymous user can query your LDAP server using a
tool such as 'LdapMiner'
Disable NULL BASE queries on your LDAP server
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.