We were recently made aware that Microsoft will be releasing an update in March 2020 that will change the binding mechanisms for LDAP to use a more secure configuration (see article below):
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
This patch will effectively disable simple binds and unsigned binds to our AD/LDAP environment. These types of binds can transmit clear text credentials during the connection process, or can be intercepted and used for man-in-the-middle attacks. We have scanned our domain controllers for these types of binds and detected that the following Infor/Lawson servers are utilizing these connections:
|
IP Address
|
Hostname
|
Application
|
Port
|
User
|
Bind Type
|
| |
|
Infor/Lawson Test
|
|
inforldapbind
|
Simple
|
| |
|
Infor/Lawson
|
|
inforldapbind
|
Simple
|
| |
|
Infor/Lawson
|
|
inforldapbind
|
Simple
|
Has anyone received any information from Infor Support or other consultant partners on how to address this upcoming event?
Thanks for your responses in advance!
