On Tue, 16 Mar 2004, Redmond Militante wrote:
> what specific configuration can you do to a windows 2000 active directory
> domain controller to get rid of this particular nessus error message?
> what exactly is a 'NULL bind', and does this issue even pertain to a
> windows 2000 server that is not running MS Exchange?
You need to bind yourself to a LDAP server before you can do anything with
it.
A NULL binding means you can bind without any authentication. You may in
effect not be able to do anything usefull or harmfull at all.
In order to trace the issue a full packet dump of the LDAP traffic from
nessusd to your AD server might help to clarify the issue.
Wether or not a vunerability exist needs to be determined yet.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
[EMAIL PROTECTED] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
