Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723)

Index | Next | Previous | View Flat


Oct 26, 2008, 6:20 AM

Views: 1707
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723)

Nessus is returning plug-in 10722 and 10723 for several of my Windows
2000 / 2003 Exchange and DC servers. After Googling this and checking
the archives I'm still not sure if these plug-ins are working as

It appears with W2k you can't disable null bind, but it isn't a security
risk in all cases. W2k3 allows null bind to be disabled, but can cause
issues with down level clients and is not always a security issue.

I'm referencing:

Adding these plug-ins to our ignore list doesn't seem to good of an idea
since they could be legit at times. Can the plug-ins be updated to more
accurately detect the possible exposure of an insecure Windows LDAP

Matt Wehnes

Subject User Time
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723) MATT.WEHNES at hs Oct 26, 2008, 6:20 AM

  Index | Next | Previous | View Flat

Interested in having your list archived? Contact Gossamer Threads
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.