NGINX LDAP caution security vulnerabilities

On April 9 , κοινοποιήθηκαν δημόσια ορισμένα κενά ασφαλείας στην υλοποίηση αναφοράς του (NGINX LDAP reference implementation).

nginx ldap

It should be noted that only the reference implementation process is affected. NGINX Open Source and NGINX Plus are not affected by themselves and no corrective action is required if you are not using the reference implementation function.

The NGINX LDAP reference implementation uses the Lightweight Directory Access Protocol (LDAP) for control of applications mediated by NGINX.

Exploit was published as a Python daemon and contains the relevant NGINX settings at https://github.com/nginxinc/nginx-ldap-auth. The purpose and settings of the script are described in detail on its blog Nginx.

The same blog mentions various LDAP reference implementations that are affected by security vulnerabilities. Take a look at whether any of the conditions listed apply. In addition to the references to the conditions you will also find how to mitigate them.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
NGINX LDAP, NGINX, iguru

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).