Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723)
 

Index | Next | Previous | View Flat


MATT.WEHNES at hs

Oct 26, 2008, 6:20 AM


Views: 1479
Permalink
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723)

Nessus is returning plug-in 10722 and 10723 for several of my Windows
2000 / 2003 Exchange and DC servers. After Googling this and checking
the archives I'm still not sure if these plug-ins are working as
intended.

It appears with W2k you can't disable null bind, but it isn't a security
risk in all cases. W2k3 allows null bind to be disabled, but can cause
issues with down level clients and is not always a security issue.

I'm referencing:
http://support.microsoft.com/kb/837964
http://support.microsoft.com/kb/326690


Adding these plug-ins to our ignore list doesn't seem to good of an idea
since they could be legit at times. Can the plug-ins be updated to more
accurately detect the possible exposure of an insecure Windows LDAP
service?



Matt Wehnes

Subject User Time
LDAP - Null Base (plug-in 10722) and Null Bind (Plug-in 10723) MATT.WEHNES at hs Oct 26, 2008, 6:20 AM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.