Home » Databases » Sybase » ASE » Security Hole with Sybase ASE and LDAP User Authentication

Security Hole with Sybase ASE and LDAP User Authentication

The connection between ASE and the LDAP server is unencrypted.  The LDAP records are transmitted in clear-text across the network.

 

Even though Sybase has known about this security hole for more than 2 years, Sybase has yet to address this issue.  When I spoke to the engineers at techwave, it isn’t even on their radar. 🙁  If you are using ASE with LDAP User Authentication, please let Sybase know you need this security hole fixed.

 

Workarounds:

  • Encrypt the connection manually by using SSH Tunneling (or similar)
  • Place the LDAP server on the same machine as ASE ASE should connect to the LOCALHOST, port to the LDAP server 
Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Facebook login by WP-FB-AutoConnect