Security Hole with Sybase ASE and LDAP User Authentication

The connection between ASE and the LDAP server is unencrypted.  The LDAP records are transmitted in clear-text across the network.

 

Even though Sybase has known about this security hole for more than 2 years, Sybase has yet to address this issue. When I spoke to the engineers at TechWave, it wasn't even on their radar. 🙁 If you are using ASE with LDAP User Authentication, please let Sybase know you need this security hole fixed.

 

Workarounds:

  • Encrypt the connection manually by using SSH Tunneling (or similar)
  • Place the LDAP server on the same machine as ASE. ASE should connect to localhost, on the LDAP server's port.
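
To check whether a workaround is actually in effect, look at the first client payload on the ASE-to-LDAP path and see whether it is cleartext LDAP, TLS, or SSH. The following is an added example, not code from Sybase or from the original post; the function names and the sample payloads are constructed for illustration, and the bind password is never extracted or returned.

```python
# Added example: classify the first client payload seen between ASE and the LDAP server.
# All sample payloads are constructed for illustration, not captured traffic.

def _read_tlv(buf, pos):
    """Decode one BER tag-length-value; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, pos, pos + length

def classify_first_payload(payload):
    """Return 'ssh', 'tls', 'ldap-cleartext-simple-bind', 'ldap-cleartext' or 'unknown'."""
    if payload[:4] == b"SSH-":             # SSH identification string (tunnel in use)
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                       # TLS handshake record
    try:
        tag, start, _ = _read_tlv(payload, 0)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            return "unknown"
        tag, _, end = _read_tlv(payload, start)      # messageID INTEGER
        if tag != 0x02:
            return "unknown"
        op_tag, op_start, _ = _read_tlv(payload, end)
        if op_tag & 0xC0 != 0x40:                    # protocolOp must be APPLICATION class
            return "unknown"
        if op_tag != 0x60:                           # not a BindRequest (0x77 = ExtendedRequest)
            return "ldap-cleartext"
        _, _, end = _read_tlv(payload, op_start)     # version
        _, _, end = _read_tlv(payload, end)          # name (bind DN)
        auth_tag, _, _ = _read_tlv(payload, end)     # 0x80 = simple, 0xA3 = SASL
    except (ValueError, IndexError):
        return "unknown"
    return "ldap-cleartext-simple-bind" if auth_tag == 0x80 else "ldap-cleartext"

def _tlv(tag, value):
    """Build a short-form BER element for the constructed samples below."""
    return bytes([tag, len(value)]) + value

SAMPLE_BIND = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, _tlv(0x02, b"\x03")
              + _tlv(0x04, b"cn=ase,dc=example,dc=com") + _tlv(0x80, b"constructed-pw")))
SAMPLE_TLS = b"\x16\x03\x01\x00\x05hello"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"
```

A result of `ldap-cleartext-simple-bind` on the network segment between the two hosts means the bind DN and password are crossing the wire unprotected.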