SYM_JAVA_0028 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-287: Improper Authentication |
OWASP | A02:2017 - Broken Authentication |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code allows anonymous binding to an LDAP server, meaning users can connect without providing any authentication. This makes it possible for anyone to query or interact with your LDAP directory without verifying their identity.
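The pattern described above, next to a hardened form, as an added example (not the wiki's or the rule's own code). It assumes the application connects through JNDI; the class name, URL, and bind DN are hypothetical placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindExample {
    // Placeholder values constructed for this example.
    static final String LDAP_URL = "ldaps://ldap.example.internal:636";
    static final String BIND_DN = "cn=svc-app,dc=example,dc=internal";

    static Hashtable<String, Object> baseEnv() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        return env;
    }

    // Weak: "none" requests an anonymous bind, so no identity is verified.
    static Hashtable<String, Object> anonymousEnv() {
        Hashtable<String, Object> env = baseEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        return env;
    }

    // Hardened: simple bind over LDAPS with a DN and a non-empty password.
    static Hashtable<String, Object> authenticatedEnv(String bindDn, char[] password) {
        // A "simple" bind with an empty DN or password is still anonymous or
        // unauthenticated (RFC 4513 section 5.1), so reject it up front.
        if (bindDn == null || bindDn.trim().isEmpty() || password == null || password.length == 0) {
            throw new IllegalArgumentException("bind DN and password are required");
        }
        Hashtable<String, Object> env = baseEnv();
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // The bind is sent when the context is created.
    static DirContext connect(Hashtable<String, Object> env) throws NamingException {
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        // Offline demo: builds the environments without contacting a server.
        System.out.println("weak: " + anonymousEnv().get(Context.SECURITY_AUTHENTICATION));
        char[] pw = "constructed-sample".toCharArray(); // real code reads this from a secret store
        System.out.println("hardened: " + authenticatedEnv(BIND_DN, pw).get(Context.SECURITY_AUTHENTICATION));
    }
}
```

Client-side checks do not stop other clients from binding anonymously, so the directory server should also be configured to refuse anonymous and unauthenticated binds.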
Impact
If exploited, attackers could gain unauthorized access to sensitive directory information, potentially exposing user accounts, organizational structure, or other confidential data. This can lead to data leaks or privilege escalation, or make it easier for attackers to move laterally within your systems.