LDAP Credentials

ID

ldap_credentials_assignment

Severity

high

Vendor

-

Family

Data Storage Secret

Description

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

Security

Any hardcoded LDAP Credential is a potential secret reported by this detector.

Accidentally checking in the credentials to a source control repository could compromise your LDAP server. Please note that LDAP servers are often used as a source for user identity and authentication.

Examples

LDAP_URI="ldaps://gc.example.com:3269"
LDAP_BASE="DC=example,DC=com"
LDAP_USER="LDAPProxy@example.com"
LDAP_PASS="secret"

Mitigation / Fix

  1. Follow your policy for handling leaked secrets, which typically requires either removing the user entry in the LDAP server or resetting the password.

  2. Remove the credentials from the source code or committed configuration file.

You should consider any sensitive data in commits with secrets as compromised.

Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories.
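To confirm step 2 before committing, a check along these lines can be run over configuration files. This is an added example, not the detector's own rule: the variable names it matches and the function names are assumptions, and the sample input is constructed from the example above.

```python
import re

# Hypothetical variable names; extend to match your own configuration keys.
ASSIGNMENT = re.compile(
    r"^\s*(?:export\s+)?(LDAP_(?:PASS|PASSWORD|BIND_PW|BINDPW))\s*=\s*(.*?)\s*$",
    re.IGNORECASE,
)
# Values that defer to the environment or to a command are not literals.
INDIRECT = re.compile(
    r"^\$(?:\{[A-Za-z_][A-Za-z0-9_]*(?::?[-?=+][^}]*)?\}|[A-Za-z_][A-Za-z0-9_]*|\(.*\))$"
)


def unquote(value):
    """Strip one pair of matching single or double quotes."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def find_hardcoded_ldap_passwords(text):
    """Return (line_number, variable_name) for each literal password assignment.

    The secret value itself is never returned, so findings are safe to log.
    """
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out assignment
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        name, raw = match.groups()
        single_quoted = raw.startswith("'")  # no shell expansion inside '...'
        value = unquote(raw)
        if value and (single_quoted or not INDIRECT.match(value)):
            findings.append((number, name))
    return findings


# Constructed sample input: the hardcoded form and a remediated form.
BEFORE = 'LDAP_USER="LDAPProxy@example.com"\nLDAP_PASS="secret"\n'
AFTER = 'LDAP_USER="LDAPProxy@example.com"\nLDAP_PASS="${LDAP_PASS:?not set}"\n'

if __name__ == "__main__":
    print("before:", find_hardcoded_ldap_passwords(BEFORE))
    print("after: ", find_hardcoded_ldap_passwords(AFTER))
```

A clean result only covers the working tree; the password still has to be reset, as step 1 requires, because earlier commits keep the old value.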