Top
image credit: pixabay

How to fix insecure LDAP binds to prevent exposed Windows admin credentials

January 8, 2020

First the good news: Microsoft planned to release a patch in January to disable insecure LDAP channel binding and LDAP signing to more secure configurations. As a result of businesses asking for more time due to the holiday season, Microsoft has pushed this off to March 2020. Now the bad news: You may be already passing the credentials for the domain admin account in cleartext in your network as noted in a 2016 blog post.

How do you know? Start by looking for event ID 2886 and 2887 in your directory service log.

Read More on CSO Online