ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

Unusual LDAP Plaintext Authentication

Risk Factors

New applications, legacy applications, or misconfigured servers that accept LDAP plaintext authentication requests increase the risk of exposing passwords to attackers that capture traffic through network sniffing. Harden your environment by configuring LDAP servers to reject LDAP requests with Simple or SASL-PLAIN authentication mechanisms, which expose plaintext passwords.

The system might change the risk score for this detection.

Kill Chain

Caution

Risk Score

60

Detection diagram
Next in Caution: Unusual NTLMv1 Authentication

Attack Background

N/A

Mitigation Options

Disable Simple or SASL-PLAIN Bind authentication on LDAP servers and implement stronger authentication frameworks

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right