30 lines
1.4 KiB
Plaintext
30 lines
1.4 KiB
Plaintext
|
An attacker exploiting unauthenticated access to an LDAP server can access the
|
||
|
|
data that is stored in the corresponding directory. The impact varies depending
|
||
|
|
on the permission obtained on the directory and the type of data it stores.
|
||
|
|
|
||
|
|
==== Authentication bypass
|
||
|
|
|
||
|
|
If attackers get write access to the directory, they will be able to alter
|
||
|
|
most of the data it stores. This might include sensitive technical data such as
|
||
|
|
user passwords or asset configurations. Such an attack can typically lead to
|
||
|
|
an authentication bypass on applications and systems that use the affected
|
||
|
|
directory as an identity provider.
|
||
|
|
|
||
|
|
In such a case, all users configured in the directory might see their identity
|
||
|
|
and privileges taken over.
|
||
|
|
|
||
|
|
==== Sensitive information leak
|
||
|
|
|
||
|
|
If attackers get read-only access to the directory, they will be able to read
|
||
|
|
the data it stores. That data might include security-sensitive pieces of
|
||
|
|
information.
|
||
|
|
|
||
|
|
Typically, attackers might get access to user account lists that they can use
|
||
|
|
in further intrusion steps. For example, they could use such lists to perform
|
||
|
|
password spraying, or related attacks, on all systems that rely on the affected
|
||
|
|
directory as an identity provider.
|
||
|
|
|
||
|
|
If the directory contains some Personally Identifiable Information, an attacker
|
||
|
|
accessing it might represent a violation of regulatory requirements in some
|
||
|
|
countries. For example, this kind of security event would go against the
|
||
|
|
European GDPR law.
|