Title: [Java] CWE-522: Insecure LDAP authentication · Issue #218 · github/securitylab · GitHub
Open Graph Title: [Java] CWE-522: Insecure LDAP authentication · Issue #218 · github/securitylab
X Title: [Java] CWE-522: Insecure LDAP authentication · Issue #218 · github/securitylab
Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information you think will help GitHub assess the imp...
Open Graph Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y...
X Description: CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y...
Opengraph URL: https://github.com/github/securitylab/issues/218
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java] CWE-522: Insecure LDAP authentication ","articleBody":"## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\n\r\n## Report\r\n\r\n*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*\r\n\r\nWhen using the Java LDAP API to perform LDAPv3-style extended operations and controls like user profile retrieval, a context with connection properties including user credentials is started. Transmission of LDAP credentials in cleartext allows remote attackers to obtain sensitive information by sniffing the network.\r\n\r\nThis query detects transmission of cleartext credentials in LDAP authentication, which meets the following two criteria:\r\n\r\n- Use the protocol \"ldap\" instead of \"ldaps\"\r\n- Use \"simple\" authentication instead of SASL authentication with encrypted/hashed credentials\r\n\r\nRelevant PR: [#4854](https://github.com/github/codeql/pull/4854)\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n\r\n## Result(s)\r\n\r\n*Provide at least one useful result found by your query, on some revision of a real project.*\r\n\r\n- [0code0/JAVA](https://github.com/0code0)\r\n","author":{"url":"https://github.com/luchua-bc","@type":"Person","name":"luchua-bc"},"datePublished":"2020-12-21T00:32:07.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":7},"url":"https://github.com/218/securitylab/issues/218"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:7ce94331-aa39-f4fb-5422-898ea09e1d02 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | A210:1A5476:7773AB:A27D67:6A4C7FFE |
| html-safe-nonce | 81478e1a6eda4ca239d2320d2fa87857f49dea792724a01438433ac4f7add402 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJBMjEwOjFBNTQ3Njo3NzczQUI6QTI3RDY3OjZBNEM3RkZFIiwidmlzaXRvcl9pZCI6IjcwNjExNjMxNTUzOTMzODAzNTAiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 4513f08767ab335a1412eaabb68a531e37ed14d228780d7df28a5f50e5a7d80f |
| hovercard-subject-tag | issue:771754823 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/218/issue_layout |
| twitter:image | https://opengraph.githubassets.com/e860db31e3894894692eafea9ab6a64477b7c822db4482bba28b106f2a8b765b/github/securitylab/issues/218 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/e860db31e3894894692eafea9ab6a64477b7c822db4482bba28b106f2a8b765b/github/securitylab/issues/218 |
| og:image:alt | CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. Report Describe the vulnerability. Provide any information y... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | luchua-bc |
| hostname | github.com |
| expected-hostname | github.com |
| None | 3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | cd470457e909b9d062f8002cf438ba870e6acff6 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width