lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <475474B0.10009@secniche.org>
Date: Mon, 03 Dec 2007 13:27:12 -0800
From: "AKS aka (0kn0ck)" <0kn0ck@...niche.org>
To: bugtraq@...urityfocus.com, websecurity@...appsec.org
Subject: [WhitePaper (SecNiche)] Information Prone LDAP Garbage Dumps

Hi

The LDAP garbage dump that remains on web server results in information 
disclosure. Security
of LDAP may be compromised, if for instance a search engine crawls 
through untamed directories
on the web server and finds information through the ldap.xml file. This 
type of harvesting attack is
also termed “static information leveraging attack.” This article 
provides methods for dealing with
this type of attack and clarifying how to secure LDAP

Read it at :
http://www.secniche.org/paper.html
http://www.secniche.org/papers/Inf_Pr_Ldap_Gar_Dumps.pdf

Regards
Aks aka 0kn0ck
http://www.secniche.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ