SYM_PHP_0029 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Authentication
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-287: Improper Authentication |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code is binding to an LDAP server without providing a password, allowing anonymous access. This means anyone can connect to your LDAP server without authentication.
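The pattern described above, shown as comments next to a bind wrapper that refuses missing credentials. This is an added example, not code from the Symbiotic database or from any scanned project; the host name, the DN, the environment variable and the helper `ldapAuthenticatedBind` are hypothetical.

```php
<?php
declare(strict_types=1);

// Flagged pattern (kept as comments): no password reaches ldap_bind().
//   $conn = ldap_connect('ldaps://ldap.example.test');
//   ldap_bind($conn);                                  // no DN, no password: anonymous bind
//   ldap_bind($conn, $dn, $_POST['password'] ?? '');   // empty password: unauthenticated bind

/**
 * Hypothetical helper: bind only when both a DN and a non-empty password are present.
 * Returns true only if the server accepted the credentials.
 */
function ldapAuthenticatedBind($conn, string $dn, ?string $password): bool
{
    // A DN with an empty password is an "unauthenticated bind" (RFC 4513),
    // which some servers report as success. Reject it before it reaches the server.
    if (trim($dn) === '' || $password === null || $password === '') {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // @ suppresses the PHP warning raised on invalid credentials; the bool is the result.
    return @ldap_bind($conn, $dn, $password);
}

// Constructed usage: service-account credentials come from the environment, not the source.
$conn = ldap_connect('ldaps://ldap.example.test');      // hypothetical host
if ($conn === false) {
    exit("invalid LDAP URI\n");
}
$dn = 'cn=svc-app,ou=services,dc=example,dc=test';      // hypothetical DN
$password = getenv('LDAP_BIND_PASSWORD');               // hypothetical variable name
$password = ($password === false) ? null : $password;

if (!ldapAuthenticatedBind($conn, $dn, $password)) {
    // Fail closed: never fall back to an anonymous bind when credentials are missing.
    exit("LDAP bind refused: missing or invalid credentials\n");
}
echo "bound as {$dn}\n";
```

The same empty-password check applies when the password comes from a login form, since an empty submitted value would otherwise turn a user login into an unauthenticated bind.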
Impact
If exploited, attackers could access or query sensitive directory information without valid credentials. This can lead to data exposure, unauthorized access to user details, or facilitate further attacks against your application or infrastructure.