{"guid":"be52ba44-1b09-5c84-9eec-cfda46ea3f35","title":"LDAP - Leicht durch Angreifer Penetrierbar","subtitle":null,"slug":"2025-509-ldap-leicht-durch-angreifer-penetrierbar","link":"https://talks.mrmcd.net/2025/talk/LYM88K/","description":"LDAP is (unfortunately) still the de facto standard in many places in the EnTeRpRiSe when it comes to \"single sign-on\". The mix of legacy, backward compatibility and complex standards makes everything even worse than expected.\n\nA chain of unfortunate circumstances, backward compatibility and finger-pointing by everyone involved led to a security vulnerability at my employer that nobody was really to blame for, but which ended with me being able to read the chats of all employees and log in to some services as any user without a password.\n\nIn the talk I tell the story of how I found the vulnerability and how those affected dealt with it, explain how it could get this far in the first place, and talk about what can and should be done better by now.\n\nhttps://creativecommons.org/licenses/by-sa/4.0/","original_language":"deu","persons":["fooker"],"tags":["509","2025","mrmcd25","C120 - Art. 
15 DSGVO","mrmcd25-deu","Darmstadt","mrmcd25","Day 2"],"view_count":421,"promoted":false,"date":"2025-09-13T11:50:00.000+02:00","release_date":"2025-09-13T00:00:00.000+02:00","updated_at":"2026-03-23T23:00:04.400+01:00","length":1247,"duration":1247,"thumb_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd25/509-be52ba44-1b09-5c84-9eec-cfda46ea3f35.jpg","poster_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd25/509-be52ba44-1b09-5c84-9eec-cfda46ea3f35_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd25/509-be52ba44-1b09-5c84-9eec-cfda46ea3f35.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/mrmcd/mrmcd25/509-be52ba44-1b09-5c84-9eec-cfda46ea3f35.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/2025-509-ldap-leicht-durch-angreifer-penetrierbar","url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_title":"MRMCD 2025 - Volle Transparenz","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25","related":[],"recordings":[{"size":101,"length":1247,"mime_type":"video/webm;codecs=av01","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_av1-hd.webm","state":"new","folder":"av1-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-13T17:08:37.131+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/av1-hd/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_av1-hd.webm","url":"https://api.media.ccc.de/public/recordings/90890","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":19,"length":1247,"mime_type":"audio/mpeg","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2025-09-13T16:59:24.681+02:00",
"recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/mp3/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/90883","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":11,"length":1247,"mime_type":"audio/opus","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2025-09-13T16:58:46.780+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/opus/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_opus.opus","url":"https://api.media.ccc.de/public/recordings/90881","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":44,"length":1247,"mime_type":"video/webm","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-09-13T18:04:39.455+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/webm-sd/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/90906","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":117,"length":1247,"mime_type":"video/webm","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-13T17:59:36.577+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/webm-hd/mrmcd25-509-deu-LDAP_-_Leicht_durch
_Angreifer_Penetrierbar_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/90905","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":44,"length":1247,"mime_type":"video/mp4","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2025-09-13T16:56:11.901+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/h264-sd/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_sd.mp4","url":"https://api.media.ccc.de/public/recordings/90880","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"},{"size":160,"length":1247,"mime_type":"video/mp4","language":"deu","filename":"mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2025-09-13T16:40:37.823+02:00","recording_url":"https://cdn.media.ccc.de/events/mrmcd/mrmcd25/h264-hd/mrmcd25-509-deu-LDAP_-_Leicht_durch_Angreifer_Penetrierbar_hd.mp4","url":"https://api.media.ccc.de/public/recordings/90872","event_url":"https://api.media.ccc.de/public/events/be52ba44-1b09-5c84-9eec-cfda46ea3f35","conference_url":"https://api.media.ccc.de/public/conferences/mrmcd25"}]}