The connection between ASE and the LDAP server is unencrypted. The LDAP records are transmitted in clear-text across the network.
Even though Sybase has known about this security hole for more than 2 years, Sybase has yet to address this issue. When I spoke to the engineers at TechWave, it isn’t even on their radar. 🙁 If you are using ASE with LDAP User Authentication, please let Sybase know you need this security hole fixed.
Workarounds:
- Encrypt the connection manually by using SSH tunneling (or similar).
- Place the LDAP server on the same machine as ASE. ASE should then connect to the LDAP server's port on localhost.
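A sketch of the SSH tunneling workaround, added here as an example and not taken from Sybase or the original post: it builds a local forward whose listener and far-side LDAP hop are both pinned to loopback, then checks the LDAP URL and the listening socket. The host name, account, local port and the sample `ss` output are constructed placeholders, and it assumes sshd runs on the LDAP server itself.

```shell
#!/bin/sh
# Added example. Host, account and local port are constructed placeholders.
LDAP_HOST="ldap.example.internal"  # sshd must run on the LDAP server itself
SSH_USER="asetunnel"               # unprivileged account used only for forwarding
LOCAL_PORT=10389                   # port ASE will use on its own loopback
LDAP_PORT=389

# Print the ssh invocation. Both ends of the forward are pinned to loopback:
# the listener on the ASE host, and the LDAP hop on the far side, so no
# clear-text LDAP ever crosses the network.
tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
    "$LOCAL_PORT" "$LDAP_PORT" "$SSH_USER" "$LDAP_HOST"
}

# Succeed only if an LDAP URL targets loopback (IPv4 form; [::1] not handled).
url_is_loopback() {
  _rest=${1#ldap://}
  [ "$_rest" != "$1" ] || return 1      # not an ldap:// URL
  _rest=${_rest%%/*}                    # drop the base DN and filter
  case "${_rest%%:*}" in
    localhost|127.0.0.1) return 0 ;;
    *) return 1 ;;
  esac
}

# Read `ss -ltn` output on stdin; succeed only if port $1 is listening and
# every listener for it is bound to loopback.
listener_is_loopback_only() {
  awk -v p=":$1" '
    $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
      seen = 1
      addr = substr($4, 1, length($4) - length(p))
      if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
    }
    END { exit ((seen && !bad) ? 0 : 1) }'
}

# Constructed sample of `ss -ltn` output with the tunnel up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:10389    0.0.0.0:*'

if [ "${1:-}" = "start" ]; then
  exec $(tunnel_cmd)   # word splitting intended: arguments contain no spaces
fi
```

With the tunnel running, the LDAP URL configured in ASE should point at `localhost` and the local port, and `ss -ltn | listener_is_loopback_only 10389` confirms the forward is not reachable from other hosts.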