Nessus is returning plug-ins 10722 and 10723 for several of my Windows 2000 / 2003 Exchange and DC servers. After Googling this and checking the archives, I'm still not sure if these plug-ins are working as intended.
It appears with W2k you can't disable null bind, but it isn't a security risk in all cases. W2k3 allows null bind to be disabled, but that can cause issues with down-level clients and is not always a security issue.

I'm referencing:
http://support.microsoft.com/kb/837964
http://support.microsoft.com/kb/326690

Adding these plug-ins to our ignore list doesn't seem too good of an idea since they could be legit at times. Can the plug-ins be updated to more accurately detect the possible exposure of an insecure Windows LDAP service?

Matt Wehnes
