Non-encrypted confidential information - LDAP | Fluid Attacks Database

Database

Description

LDAP service credentials are exposed in plain text in the code.

Impact

- Access the LDAP service. - Obtain confidential information.

Recommendation

Use secure encryption methods to encrypt any sensitive information.

Threat

An attacker with access to the code from the Internet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

134 - Store passwords with salt 135 - Passwords with random salt 185 - Encrypt sensitive information 229 - Request access credentials 264 - Request authentication 300 - Mask sensitive data

Fixes

Csharp Dart Go Java Php Python Scala Typescript