LDAP Signing

Mar 18, 2020 | Insights

Microsoft’s March update for Windows adds administrative options in the Registry to improve LDAP security. Currently, by default, the server accepts unsigned Simple Authentication and Security Layer (SASL) LDAP binds and clear-text simple binds.

Allowing these binds can leave your network vulnerable, because they can be exploited in man-in-the-middle and replay attacks. During such an attack, a malicious actor can intercept and retransmit packets in order to forge LDAP requests.

As part of its best practices, Microsoft recommends configuring the LDAP server to reject unsigned binds and simple binds. This helps secure your network against these attacks.
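
One way to see which clients would break before rejecting these binds, as an added example that is not part of the original post. The registry value names, the `Directory Service` event ID 2889 and its field order come from Microsoft's LDAP signing guidance rather than from the text above, and the 24-hour window is an arbitrary choice.

```powershell
# Added example: audit a domain controller before requiring LDAP signing.
# Run in an elevated PowerShell session on the domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# 1. Current server policy: 2 = signing required, anything else = not required.
$params  = Get-ItemProperty -Path "$ntds\Parameters" -ErrorAction SilentlyContinue
$current = $params.LDAPServerIntegrity
if ($current -eq 2) {
    'LDAP signing is already required.'
} else {
    "LDAP signing is NOT required (LDAPServerIntegrity = '$current')."
}

# 2. Raise LDAP interface diagnostics to level 2 so each unsigned SASL bind
#    or clear-text simple bind is logged as event 2889. Only binds made after
#    this change are recorded, so let it collect before reading the results.
Set-ItemProperty -Path "$ntds\Diagnostics" -Name '16 LDAP Interface Events' -Value 2 -Type DWord

# 3. Summarise who made such binds in the last 24 hours (window is an assumption).
$filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddDays(-1) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Event 2889 fields: [0] client IP:port, [1] identity, [2] bind type (0 or 1).
        [pscustomobject]@{
            Client   = $_.Properties[0].Value -replace ':\d+$', ''   # strip source port
            Identity = $_.Properties[1].Value
            BindType = if ($_.Properties[2].Value -eq 0) { 'Unsigned SASL' } else { 'Clear-text simple' }
        }
    } |
    Group-Object Client, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 4. Once the list above stays empty, require signing and restore normal logging:
# Set-ItemProperty -Path "$ntds\Parameters"  -Name 'LDAPServerIntegrity'      -Value 2 -Type DWord
# Set-ItemProperty -Path "$ntds\Diagnostics" -Name '16 LDAP Interface Events' -Value 0 -Type DWord
```

Each row in the output is a client and account that still needs to be moved to signed or TLS-protected binds before step 4 is applied.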


By Donald Ross

Lab geek, Pi lover and retro arcade machine builder.
