Description
In django/thesaurus/settings.py, LDAP is configured with LDAP_AUTH_USE_TLS = False. LDAP credentials (username + password) are sent in plaintext over the network, making them vulnerable to network sniffing.
Severity
High — credential exposure in transit.
Location
django/thesaurus/settings.py — LDAP_AUTH_USE_TLS
Fix
Set LDAP_AUTH_USE_TLS = True and configure the appropriate TLS certificate settings, or switch to LDAPS (port 636).
Description
In
django/thesaurus/settings.py, LDAP is configured withLDAP_AUTH_USE_TLS = False. LDAP credentials (username + password) are sent in plaintext over the network, making them vulnerable to network sniffing.Severity
High — credential exposure in transit.
Location
django/thesaurus/settings.py—LDAP_AUTH_USE_TLSFix
Set
LDAP_AUTH_USE_TLS = Trueand configure the appropriate TLS certificate settings, or switch to LDAPS (port 636).