UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

LDAPv3 must block man-in-the-middle attacks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25563 OSX00124 M6 SV-38578r1_rule ECCT-1 ECCT-2 Medium
Description
To prevent LDAPv3 man-in-the middle attacks the system must be properly configured.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-37769r1_chk )
Open Finder.
Click the Hard Drive icon.
Double Click System.
Double Click Library.
Double Click CoreServices.
Double Click Directory Utility.
Click the Show Advanced Options button.
Click Services tab.
Click the Lock and enter the password to unlock the options (if needed).
Click the LDAPv3 service.
Click the Pencil icon.
Highlight the Server Name/Configuration Name.
Click Edit.
Click on Security tab and verify the "Block man-in-the-middle attacks (requires Kerberos)" is checked. If the value is not checked, this is a finding.
Fix Text (F-33015r1_fix)
Open Finder.
Click the Hard Drive icon.
Double Click System.
Double Click Library.
Double Click CoreServices.
Double Click Directory Utility.
Click the Show Advanced Options button.
Click Services tab.
Click the Lock and enter the password to unlock the options (if needed).
Click the LDAPv3 service.
Click the Pencil icon.
Highlight the Server Name/Configuration Name.
Click Edit.
Click the Security tab and select "Block man-in-the-middle attacks (requires Kerberos)".