| Title: | LDAP Signing and LDAP Channel Binding |
| Affected Products: | CLOUDFS – All Supported Versions |
Security Vulnerabilities related to LDAP Channel Binding and LDAP Signing
LDAP channel binding and LDAP signing provide ways to increase the security of communications between LDAP clients and Active Directory domain controllers. A set of unsafe default configurations for LDAP channel binding and LDAP signing exists on Active Directory domain controllers; these defaults let LDAP clients communicate with the domain controllers without enforcing LDAP channel binding and LDAP signing. This can open Active Directory domain controllers to an elevation of privilege vulnerability.
For more information, refer here:
To address this vulnerability, Panzura requires all customers to switch from an unsigned, insecure LDAP bind to a signed, secure LDAP bind to prevent man-in-the-middle attacks. This change can be implemented by configuring the Active Directory domain controller in a customer's environment to accept only signed and secure LDAP queries.
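
Before a domain controller is set to accept only signed binds, it helps to confirm its current policy and to see which clients still bind unsigned. The following is an added example, not code from Panzura or Microsoft: a read-only PowerShell audit to run elevated on the domain controller. It assumes the Microsoft registry value names `LDAPServerIntegrity` and `LdapEnforceChannelBinding` (not named on this page), that LDAP Interface Events diagnostic logging has been raised so that event 2889 is recorded, and a seven-day look-back window chosen for illustration.

```powershell
# Added example: read-only audit of one domain controller. Run elevated on the DC.
$params = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

function Get-NtdsValue {
    param([string]$Name)
    # Returns $null when the value is absent, in which case the OS default applies.
    $item = Get-ItemProperty -Path $params -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$signing = Get-NtdsValue -Name 'LDAPServerIntegrity'        # 2 = require signing
$cbt     = Get-NtdsValue -Name 'LdapEnforceChannelBinding'  # 0 never, 1 when supported, 2 always

# Current enforcement state of this DC.
[pscustomobject]@{
    SigningRequired           = ($signing -eq 2)
    ChannelBindingEnforced    = ($cbt -eq 2)
    LDAPServerIntegrity       = if ($null -eq $signing) { 'not set' } else { $signing }
    LdapEnforceChannelBinding = if ($null -eq $cbt) { 'not set' } else { $cbt }
} | Format-List

# Event 2889 records each client that bound without signing or with a cleartext
# simple bind. Field order assumed: [0] client IP:port, [1] identity, [2] bind type.
$bindType = @{ '0' = 'Unsigned SASL bind'; '1' = 'Simple bind without TLS' }

# Look-back window of 7 days is an illustrative choice, not a recommendation from the page.
$filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddDays(-7) }

# Summarise offenders so each client/identity pair appears once with a hit count.
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $type = [string]$_.Properties[2].Value
        [pscustomobject]@{
            Client   = ([string]$_.Properties[0].Value) -replace ':\d+$', ''
            Identity = [string]$_.Properties[1].Value
            BindType = if ($bindType.ContainsKey($type)) { $bindType[$type] } else { $type }
        }
    } |
    Group-Object Client, Identity, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Any client listed in the summary will fail to bind once the domain controller requires signing, so it should be moved to a signed or TLS-protected bind first.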