LDAP how to disable NULL BASE queries and Disable anonymous access
  •  
skenov

Hello,
We've done some penetration testing on our systems and they reported these vulnerabilities in our Kerio Connect server 7.4.1 build 7267 operating on Windows Server 2008:
1. The LDAP server allows anonymous connections
2. The LDAP server supports search requests with a null, or empty, base object
Can you help me fix these issues?
  •  
skenov

Anyone? Any idea?
  •  
Pavel Dobry (Kerio)

I see you already have a ticket with the same question. You'll get an answer there.
In short: both are valid. Anonymous access is allowed because contact folders can be set for anonymous access. NULL base DN is required to be in compliance with the RFC.

Nessus scanner often produces false positive results for LDAP tests, particularly if the server is using LDAP v3.

You can disable LDAP service or restrict it to certain IP addresses only if this concerns you.
  •  
skenov

Thank you for the reply!
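
An added illustration of the second finding discussed in this thread (not part of any post, and not Kerio code): RFC 4512 section 5.1 defines the root DSE read as a search with an empty base DN, scope baseObject and filter (objectClass=*), which is narrower than any search that merely has an empty base. The Python below decodes the base DN and scope from a raw LDAPv3 SearchRequest so that a scanner probe or a packet capture can be triaged; the function names and the sample requests are constructed for this example.

```python
# Added example (not from the thread): classify an LDAPv3 SearchRequest.
# RFC 4512 section 5.1: the root DSE is read with an empty base DN,
# scope baseObject and filter (objectClass=*).
SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_search_request(msg):
    """Extract (base_dn, scope_name) from an LDAPMessage with a SearchRequest."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = read_tlv(body, 0)        # messageID INTEGER
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x63:                      # [APPLICATION 3] SearchRequest
        raise ValueError("not a SearchRequest")
    _, base, pos = read_tlv(op, 0)       # baseObject OCTET STRING
    _, scope, _ = read_tlv(op, pos)      # scope ENUMERATED
    return base.decode("utf-8"), SCOPES[scope[0]]

def classify(msg):
    """Separate the RFC-defined root DSE read from other null-base searches."""
    base, scope = parse_search_request(msg)
    if base == "" and scope == "baseObject":
        return "root DSE read"
    if base == "":
        return "null-base " + scope + " search"
    return "search under " + base

# Constructed sample requests (not captured traffic): derefAliases, sizeLimit,
# timeLimit, typesOnly, filter (objectClass=*) and an empty attribute list.
TAIL = bytes.fromhex("0a0100020100020100010100870b6f626a656374436c6173733000")

def sample(base, scope):
    op = bytes([0x04, len(base)]) + base + bytes([0x0A, 0x01, scope]) + TAIL
    return bytes([0x30, len(op) + 5, 0x02, 0x01, 0x02, 0x63, len(op)]) + op
```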