CVE ID(s)

List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.

Report

Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.

When using the Java LDAP API to perform LDAPv3-style extended operations and controls like user profile retrieval, a context with connection properties including user credentials is started. Transmission of LDAP credentials in cleartext allows remote attackers to obtain sensitive information by sniffing the network.

This query detects transmission of cleartext credentials in LDAP authentication, which meets the following two criteria:

• Use the protocol "ldap" instead of "ldaps"
• Use "simple" authentication instead of SASL authentication with encrypted/hashed credentials

Relevant PR: #4854

• Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Result(s)

Provide at least one useful result found by your query, on some revision of a real project.

• 0code0/JAVA