248 – Non-encrypted confidential information - LDAP

Description

LDAP service credentials are exposed in plain text in the code.

Impact

- Access the LDAP service. - Obtain confidential information.

Recommendation

Use secure encryption methods to encrypt any sensitive information.

Threat

An attacker with access to the code from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 134 - Store passwords with salt
• 135 - Passwords with random salt
• 185 - Encrypt sensitive information
• 229 - Request access credentials
• 264 - Request authentication
• 300 - Mask sensitive data

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Scala
• Typescript

Last updated

2024/02/16