Hi Tarik,

Since your plugin was added to OpenVAS, all the hosts in our network (more than 700) suddenly show up with a security hole for ldap. Here is the output from an html page:

==================================
Vulnerability
ldap (389/tcp)
The LDAPserver allows null-binds and null- base requests
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.91984

Informational
ldap (389/tcp)
Grabbed the following information with a null- bind, null-base request:
--------------------------------------------------------------------------------------------------
ldap_bind: Can't con
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.91984

Informational
ldap (389/tcp)
Grabbed the following information from the LDAP server:
----------------------------------------------------------------------------------------
ldap_bind: Can't con
OpenVAS ID : 1.3.6.1.4.1.25623.1.0.91984
===================================

I assume "Can't con" means "Cannot connect." If the plugin cannot connect then there should not be any vulnerability present. Even hosts that are firewalled and do not allow access to port 389/tcp and hosts that have port 389/tcp closed (because an ldap server is not running) show up as having this ldap vulnerability.

What am I doing wrong? How can I avoid all these false positives? I would very much appreciate your help in this matter.

Bernd Neumann
[email protected]
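The check the message asks for, as an added example (not part of the original post and not OpenVAS plugin code): a finding counts as a null-bind result only when the grabbed text contains directory data, not when it is just a client error like the ldap_bind: line in the report. The host: lines, the host names and the sample report are constructed, and treating any ldap_<call>: line as a client error is an assumption.

```python
import re

# Assumption: the LDAP client behind the plugin reports failures as
# "ldap_<call>: <message>", like the "ldap_bind: Can't con" line in the report.
CLIENT_ERROR = re.compile(r"^ldap_\w+:\s")
# LDIF lines returned by a real search look like "attribute: value";
# attribute names contain no underscore, so client errors never match.
LDIF_ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9;.-]*::?(\s|$)")

# Constructed sample: two findings in a simplified layout. "host:" lines and
# both host names are made up; dc01 shows what real null-bind data looks like.
SAMPLE = """\
host: ws-0417
Grabbed the following information with a null-bind, null-base request:
----------------
ldap_bind: Can't con
host: dc01
Grabbed the following information with a null-bind, null-base request:
----------------
dn:
namingContexts: dc=example,dc=test
"""

def classify(grabbed):
    """Label the text a plugin run captured from the LDAP client."""
    lines = [l.strip() for l in grabbed.splitlines()]
    lines = [l for l in lines if l and set(l) != {"-"}]  # drop blanks, rules
    if not lines:
        return "no-data"
    if all(CLIENT_ERROR.match(l) for l in lines):
        return "client-error"        # bind never succeeded: not a finding
    if any(LDIF_ATTR.match(l) for l in lines):
        return "directory-data"      # server answered the anonymous query
    return "unrecognised"            # leave for manual review

def triage(report):
    """Map each host in the report to the verdict for its grabbed text."""
    verdicts = {}
    for block in re.split(r"^host:\s*", report, flags=re.M)[1:]:
        host, _, rest = block.partition("\n")
        sep = re.search(r"^-{4,}\s*$", rest, flags=re.M)
        # Captured output starts after the dashed separator line, if any.
        verdicts[host.strip()] = classify(rest[sep.end():] if sep else rest)
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Only hosts labelled directory-data are worth keeping as null-bind findings; client-error and no-data entries are the kind of false positive described above.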
