cve-2017-8563

About this tag
CVE-2017-8563 is a security vulnerability in Microsoft's LDAP authentication over SSL/TLS. WindowsForum.com discussions cover the LdapEnforceChannelBinding registry entry, which administrators can configure to enforce channel binding and mitigate this vulnerability. The fix, described in Microsoft support article 4034879, helps secure LDAP authentication against relay attacks. Topics include registry configuration, compatibility considerations, and best practices for enterprise IT environments running Windows Server or Active Directory.
  1. Use the LdapEnforceChannelBinding registry entry to make LDAP authentication over SSL/TLS more secure

    Describes the LdapEnforceChannelBinding registry setting that is used to enable the fix decribed in CVE-2017-8563 Continue reading...