• caglararli@hotmail.com
  • 05386281520

Is LDAP encrypted after SASL authentication?

Çağlar Arlı      -    14 Views

Is LDAP encrypted after SASL authentication?

I was inspecting LDAP packets wit Wireshark today.

When I authenticate with simple bind, I can see the password in plain text and subsequent LDAP requests and responses.

Then I was authenticating with SASL/DIGEST-MD5. I can see the authentication attempts in clear text, except for the hashed credentials. But all subsequent LDAP requests and responses are scrambled. My understanding was that only the authentication is using DIGEST-MD5 and subsequent LDAP packets are unencrypted. When inspecting packet 18, I can see "Lightweight Directory Access Protocol" and underneath it a "SASL Buffer". So it seems like the LDAP response is indeed encrypted.

Could you shed some light on it, please? And if it's encrypted, what type of encryption is used?

enter image description here

enter image description here