New rules for an anonymous LDAP bind
ericwb commented
Is your feature request related to a problem? Please describe.
In LDAP, anonymous bind is equivalent to no authentication at all. This is insecure as anyone can access the LDAP data without login.
Describe the solution you'd like
New rules for each language to check for LDAP bind that is anonymous.
Describe alternatives you've considered
n/a
Additional context
- https://docs.oracle.com/en/java/javase/21/docs/api/java.naming/javax/naming/directory/InitialDirContext.html
- https://ldap3.readthedocs.io/en/latest/connection.html
Love this idea? Give it a 👍. We prioritize fulfilling features with the most 👍.
ericwb commented
Python version is merged as rule PY527
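An added sketch of the kind of check the issue asks for, applied to Python's ldap3 library; it is not the PY527 rule or any other code from the project. It assumes ldap3 falls back to an anonymous bind when `Connection` is given no `user` and no `authentication`; `find_anonymous_binds` and the sample source are constructed for illustration.

```python
import ast

# Constructed sample source to scan (never executed, only parsed).
SAMPLE = '''\
import ldap3
from ldap3 import Server, Connection, ANONYMOUS, SASL
srv = Server("ldap.example.test")
c1 = Connection(srv)
c2 = Connection(srv, authentication=ANONYMOUS)
c3 = ldap3.Connection(srv, user=None, password=None, auto_bind=True)
c4 = Connection(srv, user="cn=app,dc=example,dc=test", password=pw)
c5 = Connection(srv, authentication=SASL, sasl_mechanism="EXTERNAL")
c6 = Connection(srv, **opts)
'''

def _is_none(node):
    return node is None or (isinstance(node, ast.Constant) and node.value is None)

def _names_anonymous(node):
    if isinstance(node, ast.Constant):
        return node.value == "ANONYMOUS"
    # Matches both the bare name ANONYMOUS and ldap3.ANONYMOUS.
    return getattr(node, "id", getattr(node, "attr", None)) == "ANONYMOUS"

def find_anonymous_binds(source):
    """Return sorted line numbers of Connection(...) calls that bind anonymously."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = getattr(node.func, "id", getattr(node.func, "attr", None))
        if name != "Connection":
            continue
        # *args / **kwargs hide the credentials from static analysis: skip.
        if any(kw.arg is None for kw in node.keywords) or any(
                isinstance(a, ast.Starred) for a in node.args):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords}
        # Positional order in ldap3: server, user, password.
        user = kwargs.get("user", node.args[1] if len(node.args) > 1 else None)
        auth = kwargs.get("authentication")
        if auth is not None:
            anonymous = _names_anonymous(auth)
        else:
            # Assumption: no user and no explicit method means anonymous bind.
            anonymous = _is_none(user)
        if anonymous:
            hits.append(node.lineno)
    return sorted(hits)
```

Calls that unpack `*args` or `**kwargs` are skipped rather than flagged, so a rule built this way trades some missed cases for fewer false positives.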