NGINX LDAP caution security vulnerabilities

On April 9, 2022, a number of security vulnerabilities in the NGINX LDAP (NGINX LDAP reference implementation) were publicly notified.

nginx ldap

It should be noted that only the reference implementation process is affected. NGINX Open Source and NGINX Plus are not affected by themselves and no corrective action is required if you are not using the reference implementation function.

NGINX LDAP reference implementation uses the Lightweight Directory Access Protocol (LDAP) to authenticate NGINX-mediated applications.

Exploit was published as a Python daemon and contains the relevant NGINX settings at https://github.com/nginxinc/nginx-ldap-auth. The purpose and settings of the script are described in detail on its blog Nginx.

The same blog mentions various LDAP reference implementations that are affected by security vulnerabilities. Take a look at whether any of the conditions listed apply. In addition to the references to the conditions you will also find how to mitigate them.

  Why should you worry about password protection?

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

7 +    = 13

Previous Story

Microsoft Edge 100.0.1185.44 emergency security update

Next Story

Bitdefender Antivirus Free for Windows, Mac and Android