  1. Rules Repository
  2. RSPEC-4433

LDAP connections should be authenticated

    Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      Change authentication to "simple" or stronger.
    • Highlighting:
      Context.SECURITY_AUTHENTICATION, "none"
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      C#, Java, PHP
    • Irrelevant for Languages:
      ABAP, C#, C, C++, Cobol, CSS, Flex, HTML, JavaScript, Objective-C, PL/I, PL/SQL, Python, RPG, Swift, T-SQL, TypeScript, VB.Net, VB6, XML
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      15min
    • Analysis Level:
      Abstract Interpretation
    • Analysis Scope:
      Main Sources
    • Common Rule:
      Yes
    • CWE:
      CWE-521
    • OWASP:
      A2
    • FindSecBugs:
      LDAP_ANONYMOUS

      Description

      An unauthenticated LDAP connection can lead to transactions without access control. Authentication, and with it access control, is the last line of defense against LDAP injections and should not be disabled.
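
      The highlighted pattern beside an authenticated bind, as an added Java/JNDI example that is not part of the rule specification. The host, the bind DN, the LDAP_BIND_PASSWORD variable and the class and method names are assumptions; the empty-password check is there because JNDI falls back to "none" when "simple" is given empty credentials.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindExample {
    // Placeholder directory URL, assumed for illustration (LDAPS so the bind is encrypted).
    static final String URL = "ldaps://ldap.example.com:636/dc=example,dc=com";

    static Hashtable<String, Object> baseEnv() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        return env;
    }

    // Noncompliant: the setting the rule highlights; every operation runs as anonymous.
    static Hashtable<String, Object> anonymousEnv() {
        Hashtable<String, Object> env = baseEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        return env;
    }

    // Compliant: "simple" bind with a DN and a non-empty password.
    static Hashtable<String, Object> authenticatedEnv(String bindDn, char[] password) {
        if (bindDn == null || bindDn.isEmpty() || password == null || password.length == 0) {
            // Empty credentials would silently turn the bind into an anonymous one.
            throw new IllegalArgumentException("bind DN and non-empty password required");
        }
        Hashtable<String, Object> env = baseEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // Opens the connection; fails with NamingException if the server rejects the bind.
    static DirContext connect(Hashtable<String, Object> env) throws NamingException {
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        String secret = System.getenv("LDAP_BIND_PASSWORD"); // assumed variable name
        char[] password = secret == null ? new char[0] : secret.toCharArray();
        DirContext ctx = connect(authenticatedEnv("cn=svc-app,dc=example,dc=com", password));
        ctx.close();
    }
}
```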

          Issue Links

          1. C# RSPEC-4563 Language-Specification Active Unassigned
          2. Java RSPEC-4629 Language-Specification Active Unassigned
          3. PHP RSPEC-4720 Language-Specification Active Unassigned

              People

              • Assignee:
                Unassigned
              • Reporter:
                jeanchristophe.collet Jean-Christophe Collet (Inactive)