
LDAP connections should be authenticated

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Change authentication to "simple" or stronger.
    • Highlighting:
      Context.SECURITY_AUTHENTICATION, "none"
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      C#, Java, PHP, Python
    • Irrelevant for Languages:
      ABAP, C#, C, C++, Cobol, CSS, Flex, HTML, JavaScript, Objective-C, PL/I, PL/SQL, Python, RPG, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      15min
    • Analysis Level:
      Abstract Interpretation
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-521
    • OWASP:
      A2
    • FindSecBugs:
      LDAP_ANONYMOUS

      Description

      An LDAP client authenticates to an LDAP server with a "bind request", which provides, among others, a simple authentication method.
      Simple authentication in LDAP can be used with three different mechanisms:

      • Anonymous Authentication Mechanism by performing a bind request with a username and password value of zero length.
      • Unauthenticated Authentication Mechanism by performing a bind request with a password value of zero length.
      • Name/Password Authentication Mechanism by performing a bind request with a password value of non-zero length.

      Anonymous binds and unauthenticated binds allow access to information in the LDAP directory without providing a password; their use is therefore strongly discouraged.
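      The three mechanisms above are distinguished purely by the lengths of the name and password in the bind request, which is what makes the rule's check mechanical. The following is an added example, not code from the rule or from SonarSource: it classifies a simple bind by those lengths and audits a connection environment keyed by the JNDI property names behind the Context constants the rule highlights (Context.SECURITY_AUTHENTICATION is "java.naming.security.authentication", SECURITY_PRINCIPAL and SECURITY_CREDENTIALS likewise). The sample URLs, DNs and secret are constructed placeholders.

```python
"""Classify LDAP simple binds and audit bind configuration.

Added example modelled on RSPEC-4433; not part of the rule itself.
Property names are the real JNDI ones; sample values are constructed.
"""
from __future__ import annotations

from typing import Mapping

# JNDI property names behind the Context constants the rule inspects.
SECURITY_AUTHENTICATION = "java.naming.security.authentication"  # Context.SECURITY_AUTHENTICATION
SECURITY_PRINCIPAL = "java.naming.security.principal"            # Context.SECURITY_PRINCIPAL
SECURITY_CREDENTIALS = "java.naming.security.credentials"        # Context.SECURITY_CREDENTIALS
PROVIDER_URL = "java.naming.provider.url"                        # Context.PROVIDER_URL

ANONYMOUS = "anonymous"
UNAUTHENTICATED = "unauthenticated"
NAME_PASSWORD = "name/password"

RULE_MESSAGE = 'Change authentication to "simple" or stronger.'


def classify_simple_bind(name: str, password: str | bytes) -> str:
    """Name the simple-bind mechanism a request would use.

    Zero-length name and password -> anonymous; a name with a zero-length
    password -> unauthenticated; a non-zero-length password -> name/password.
    """
    if len(password) == 0:
        return ANONYMOUS if len(name) == 0 else UNAUTHENTICATED
    return NAME_PASSWORD


def check_bind_config(env: Mapping[str, str]) -> list[str]:
    """Return findings for an LDAP environment; an empty list means a real password is sent.

    When the authentication property is absent, the JNDI LDAP provider uses
    "simple" if a principal or credentials are set and "none" otherwise, so
    the check models that default rather than treating the property as required.
    """
    findings: list[str] = []
    principal = env.get(SECURITY_PRINCIPAL, "")
    credentials = env.get(SECURITY_CREDENTIALS, "")
    mode = env.get(SECURITY_AUTHENTICATION)
    if mode is None:
        mode = "simple" if (principal or credentials) else "none"
    mode = mode.lower()

    if mode == "none":
        # Explicit (or defaulted) anonymous bind: exactly what the rule flags.
        findings.append(RULE_MESSAGE)
    elif mode == "simple":
        # "simple" alone is not enough; an empty password still binds without one.
        kind = classify_simple_bind(principal, credentials)
        if kind != NAME_PASSWORD:
            findings.append(f"simple bind is {kind}: password is empty")
    # Any other value is a SASL mechanism name (e.g. DIGEST-MD5, GSSAPI) and is left to the server.
    return findings


# Constructed sample environments (placeholder host, DN and secret).
NONCOMPLIANT_ENV = {
    PROVIDER_URL: "ldap://ldap.example.invalid:389",
    SECURITY_AUTHENTICATION: "none",
}
UNAUTHENTICATED_ENV = {
    PROVIDER_URL: "ldap://ldap.example.invalid:389",
    SECURITY_AUTHENTICATION: "simple",
    SECURITY_PRINCIPAL: "cn=app,dc=example,dc=invalid",
    SECURITY_CREDENTIALS: "",
}
COMPLIANT_ENV = {
    PROVIDER_URL: "ldap://ldap.example.invalid:389",
    SECURITY_AUTHENTICATION: "simple",
    SECURITY_PRINCIPAL: "cn=app,dc=example,dc=invalid",
    SECURITY_CREDENTIALS: "placeholder-secret-from-a-vault",
}

if __name__ == "__main__":
    for label, env in (("noncompliant", NONCOMPLIANT_ENV),
                       ("unauthenticated", UNAUTHENTICATED_ENV),
                       ("compliant", COMPLIANT_ENV)):
        print(f"{label}: {check_bind_config(env) or 'OK'}")
```

      The audit treats a missing authentication property the way the JNDI LDAP provider does, so an environment that sets only the provider URL is reported as an anonymous bind; a configuration review that only greps for the literal "none" would miss that case.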

          Issue Links

          1. C# RSPEC-4563 Language-Specification Active Unassigned
          2. Java RSPEC-4629 Language-Specification Active Unassigned
          3. PHP RSPEC-4720 Language-Specification Active Unassigned
          4. Python RSPEC-5621 Language-Specification Active Unassigned

              People

              • Assignee:
                Unassigned
              • Reporter:
                jeanchristophe.collet Jean-Christophe Collet (Inactive)
              • Votes:
                0
              • Watchers:
                3
