LDAP Anonymous Authentication

Description

Without proper access control, executing an LDAP statement that contains a user-controlled value can allow an attacker to abuse poorly configured LDAP context

Examples

Insecure Code

scala

$ENV.put(Context.SECURITY_AUTHENTICATION, "none");

Secure Code

scala

$ENV.put(Context.SECURITY_AUTHENTICATION, "simple"); // with proper credentials

Remediation

Implement proper authentication and access control for LDAP connections, avoiding anonymous authentication

Rule Details

Field	Value
ID	CODE-0055
Category	Auth
Severity	MEDIUM
CWE	CWE-358
Confidence	HIGH
Impact	MEDIUM
Likelihood	MEDIUM
Exploitability	MODERATE
Tags	authentication, access control
OWASP	N/A

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

LDAP Anonymous Authentication

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

LDAP Anonymous Authentication ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

LDAP Anonymous Authentication

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details