T 5.144 Compromising of directory services due to unauthorised access
If an attacker is able to successfully circumvent the authentication procedure required by the directory service, he will generally gain access to large amounts of data that he is not authorised to access. Circumventing the authentication methods can therefore result in the compromise of the entire directory service.
Another risk is that unauthorised persons gain access to network resources or services by extending their authorisations (privilege escalation). This can lead to an attacker penetrating all of the directory service's defences, after which the affected system could be impaired or even destroyed. Examples of such scenarios include the unauthorised acquisition of unlimited rights, or spoofing an identity that holds more rights than the user's own in order to obtain more extensive authorisations.
If a third party is able to use a directory service without authorisation, a wide variety of damage can result. Examples of such damage include the following:
- If an attacker is able to use a directory service without authorisation, he could read secret keys, change them, use the keys of a certification authority stored in the directory service, or manipulate critical security parameters. The cryptographic methods used would then no longer provide the expected level of security, so neither the confidentiality nor the integrity of the data protected by encryption could be guaranteed any longer.
- If the directory service is used for login procedures and an authorisation, once the user's identity has been established, is valid throughout the network, then unauthorised authentications also threaten additional resources, especially the other systems in the network. Compromising the directory service can therefore lead to the compromise of additional systems. A directory service can grant users, after a single authentication, rights on other systems that, without the directory service, they would only obtain by authenticating themselves on each of those systems; in this case, too, those systems may be compromised once the directory service has been compromised.
The security of a directory service can also be threatened when anonymous users are allowed. Since their identity is not checked, anonymous users are initially able to send any query to the directory service and obtain at least some information on its structure and content. If anonymous binds (with LDAP) to the directory service are not permitted, other than for the authentication step itself, then such requests are usually answered with an error message, because otherwise attackers would still obtain at least some information on the directory service. This information can then be used to prepare further attacks, especially when it discloses information on resources in the network and on the network itself.
If anonymous access is permitted, it is also easier for attackers to conduct denial-of-service (DoS) attacks on the directory service, because they have access capabilities that are more difficult to control.
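The following is an added configuration example, not part of the T 5.144 catalogue text, showing how the two points above (anonymous binds only for the authentication step itself, and no unauthenticated read access to key material or the rest of the tree) are expressed in OpenLDAP's cn=config. The suffix dc=example,dc=com, the database entry olcDatabase={1}mdb and the group DNs are constructed placeholders and must be adjusted to the directory being hardened.

```ldif
# Added example (not part of T 5.144): OpenLDAP cn=config changes that
# refuse anonymous binds except for the authentication step itself and
# limit what a bound client may read. Suffix, database index {1} and the
# group DNs below are constructed placeholders.
#
# Apply with: ldapmodify -Y EXTERNAL -H ldapi:/// -f harden-anon.ldif

# 1. Global settings: reject anonymous binds and require an authenticated
#    session for every operation other than the bind itself.
dn: cn=config
changetype: modify
replace: olcDisallows
olcDisallows: bind_anon
-
replace: olcRequires
olcRequires: authc

# 2. Database ACLs. Anonymous clients may present userPassword only to
#    authenticate ("auth"); nobody but the owner may read or change it.
#    Certificate/key material is limited to its owner and an admin group.
#    Everything else is readable by authenticated users only.
#    (Continuation lines start with a space, as LDIF requires.)
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to attrs=userCertificate,userPKCS12
  by self read
  by group.exact="cn=pki-admins,ou=groups,dc=example,dc=com" write
  by * none
olcAccess: {2}to *
  by group.exact="cn=admins,ou=groups,dc=example,dc=com" write
  by users read
  by anonymous none
```

After applying this, an anonymous `ldapsearch -x -b dc=example,dc=com` against the server is answered with an error (OpenLDAP returns result code 48, inappropriateAuthentication, with the text "anonymous bind disallowed") instead of entries, which is the behaviour described above: the directory reveals nothing about its structure or content until the client has authenticated. The `by anonymous auth` clause is what still lets an unauthenticated client perform the bind itself, without being able to read the password attribute.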