LDAP anonymous access enabled at certrep.pki.state.gov:389
Medium
U.S. Department of State
Reported by doosec101
## Summary:
Hi us-department-of-state Security Team.
I have found that the subdomain certrep.pki.state.gov is vulnerable: LDAP anonymous access is enabled, as you can see in the following screenshots:
(screenshots redacted)
## Steps To Reproduce:
1. Run `nmap -n -Pn --script "ldap* and not brute" certrep.pki.state.gov`
2. You can use the ldapadmin tool, as shown in the screenshots above.
## Supporting Material/References:
- https://book.hacktricks.xyz/network-services-pentesting/pentesting-ldap
- https://hackerone.com/reports/205908
Please let me know if you need more info.
Best Regards.
@doosec101
## Impact
Improper access to LDAP with anonymous login.
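As an added example that is not part of this report, the following dependency-free Python script builds the LDAPv3 anonymous simple bind the finding is about (RFC 4511: empty DN and empty simple password) and parses the server's BindResponse, so an administrator can re-check a server they operate after remediation and confirm that anonymous binds are now rejected. The `check_anonymous_bind` helper, the port default and the sample responses are assumptions constructed for illustration, not data from the report.

```python
# Added example (not from the original report): dependency-free LDAPv3 anonymous simple-bind probe, RFC 4511.
import socket

def tlv(tag, value):
    # BER tag-length-value; short-form length is enough for these messages.
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def anonymous_bind_request(msg_id=1):
    # BindRequest [APPLICATION 0]: version 3, empty DN, empty simple
    # password, which is exactly what "anonymous bind" means on the wire.
    bind = tlv(0x02, bytes([3])) + tlv(0x04, b"") + tlv(0x80, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data):
    # Returns (messageID, resultCode, diagnosticMessage) of a BindResponse.
    _, msg, _ = _read_tlv(data, 0)                # LDAPMessage SEQUENCE
    _, mid, pos = _read_tlv(msg, 0)               # messageID
    tag, body, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse [APPLICATION 1]")
    _, code, pos = _read_tlv(body, 0)             # resultCode ENUMERATED
    _, _dn, pos = _read_tlv(body, pos)            # matchedDN (ignored)
    _, diag, _ = _read_tlv(body, pos)             # diagnosticMessage
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))

def verdict(result_code):
    # 0 = success (anonymous bind still accepted); after the fix expect 48
    # inappropriateAuthentication or 53 unwillingToPerform instead.
    if result_code == 0:
        return "anonymous bind ACCEPTED: finding still present"
    return "anonymous bind rejected (resultCode %d)" % result_code

def check_anonymous_bind(host, port=389, timeout=5.0):
    # Live check against a server you administer; not exercised offline.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(anonymous_bind_request())
        return verdict(parse_bind_response(sock.recv(4096))[1])

# Constructed sample responses (not captured from any real server).
SAMPLE_ACCEPTED = bytes.fromhex("300c02010161070a010004000400")
SAMPLE_REJECTED = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x61, tlv(0x0A, b"\x30") + tlv(0x04, b"") + tlv(0x04, b"anonymous bind disallowed")))
```

A resultCode of 0 from the live check means the server still accepts anonymous binds; any non-zero code (typically 48 or 53) means the bind itself is now refused.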
State: Closed
Substate: Resolved
Weakness: Improper Access Control - Generic