Improper Authentication
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-287: Improper Authentication |
| OWASP | A02:2017 - Broken Authentication |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code allows connections to the LDAP directory without requiring any user authentication, meaning anyone can access the directory anonymously. This makes it easy for unauthorized users to interact with your LDAP server.
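One common form of this pattern in Java is a JNDI context created with `Context.SECURITY_AUTHENTICATION` set to `"none"`. The following added example (not code from the rule or its project) shows that setting beside an authenticated bind; it assumes JNDI is the LDAP client, and the URL, bind DN and `LDAP_BIND_PASSWORD` variable name are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindExample {
    // Hypothetical values, for illustration only.
    static final String LDAP_URL = "ldaps://ldap.example.com:636";
    static final String BIND_DN = "cn=app-svc,ou=services,dc=example,dc=com";

    // Vulnerable: anonymous bind, no identity is presented to the directory.
    static Hashtable<String, String> anonymousEnv() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "none");
        return env;
    }

    // Hardened: simple bind over LDAPS with a non-empty DN and password.
    // JNDI falls back to "none" when the credential is null or empty,
    // so an empty password must be rejected before the context is built.
    static Hashtable<String, String> authenticatedEnv(String bindDn, String password) {
        if (bindDn == null || bindDn.trim().isEmpty()
                || password == null || password.isEmpty()) {
            throw new IllegalArgumentException("bind DN and password are required");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // Opens the authenticated context; the caller must close() it.
    static DirContext connect(String password) throws NamingException {
        return new InitialDirContext(authenticatedEnv(BIND_DN, password));
    }

    public static void main(String[] args) throws NamingException {
        // Secret comes from the environment (hypothetical variable name),
        // never from a literal in source.
        DirContext ctx = connect(System.getenv("LDAP_BIND_PASSWORD"));
        ctx.close();
    }
}
```

Client-side binding does not stop other clients from connecting anonymously; the directory server should also be configured to refuse anonymous and unauthenticated binds.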
Impact
If exploited, attackers could query, modify, or access sensitive directory data without credentials, potentially exposing confidential information or enabling further attacks. This severely weakens your application’s security and could lead to data breaches or unauthorized changes.