Tuesday, August 30, 2011

LDAP flaw opens major authentication security hole

I never have been a big fan of LDAP. A protocol whose acronym starts with “Light Duty” is sure to raise eyebrows.

First, the functionality was never initially meant to be a security crutch for corporate IT departments; it was meant to be an easy way to provide lists and verify access to areas of a network, not the network itself.

In the latest release the Mac LDAP has such HUGE problems that one can access anything on a network by simply leaving the user name blank.

Yes, you read that correctly: BLANK

My primary concern with using LDAP for access to a corporation’s most sensitive information is not the technology itself, but the humans running it.

90-plus percent of all security breaches can be traced back to an internal corporate employee either not following instructions or purposefully giving away access to the corporate security network.

With LDAP, you just make it easier for that kind of insider destruction.

The full story on the problem with the Mac’s LDAP can be found at CNET via the link below.

LDAP flaw in OS X Lion opens major authentication security hole | MacFixIt - CNET Reviews
