Hi, When Nessus was run against our two Domain Controllers, we received the following report: Synopsis: It is possible to disclose LDAP information.
Description: Improperly configured LDAP servers will allow any user to connect to the server and query it for information. Solution: Disable NULL BIND on your LDAP server Risk Factor : Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE : CVE-1999-0385 BID : 503 Now when we look for a method to disable the null bind on out LDAP server, we are directed to a Microsoft update for MS Exchange 5.5. Since, we do use Exchange 5.5, I don't think it is this problem. Can someone let me know where I can go to find a method(s) to disable the null bind on my Windows 2003 LDAP server(s)? Thank you P. J.
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
