Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

Screencast: AM LDAP Bug

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
544 views
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Apr 15, 2008

Serious security vulnerability using Sun Access Manager 7.1 update 1 authenticating against Sun Directory Server 5.2.

Originally mentioned in: http://forum.java.sun.com/thread.jspa?threadID=5275151

In relation to a known DS 5.2 issue: http://docs.sun.com/source/819-2405/index.html#wp49398

Which says:

Bind With Zero-Length Password Is Treated as an Anonymous Bind (4703503)
If you use a zero-length password to bind to a directory, your bind is an anonymous bind - it is not a simple bind. Third party applications that authenticate users by performing a test bind might exhibit a security hole if they are not aware of this behavior.

Category:

Howto & Style

Tags:

License:

Standard YouTube License

  • likes, 0 dislikes

Link to this comment:

Share to:
see all

All Comments (0)

Sign In or Sign Up now to post a comment!
Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more