lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [month] [year] [list] 
Date: Mon, 03 Dec 2007 13:27:12 -0800
From: "AKS aka (0kn0ck)" <0kn0ck@...niche.org>
To: bugtraq@...urityfocus.com, websecurity@...appsec.org
Subject: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

Hi

The LDAP garbage dump that remains on web server results in information 
disclosure. Security
of LDAP may be compromised, if for instance a search engine crawls 
through untamed directories
on the web server and finds information through the ldap.xml file. This 
type of harvesting attack is
also termed .static information leveraging attack.. This article 
provides methods for dealing with
this type of attack and clarifying how to secure LDAP

Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
Aks aka 0kn0ck
http://www.secniche.org

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux