We recently went through a security audit and one of the findings was the fact that our connection servers support anonymous LDAP binding. A couple of questions:
- What sort of information could be gained by exploiting this?
- Is there a way to disable anonymous binding?
- Is this something to be overly concerned with?
Thanks