Port 636 – LDAPS (LDAP over SSL)

Service: ldaps
Protocol: TCP
Port: 636
Used for: Secure LDAP directory services over SSL/TLS

Why It’s Open

Port 636 is used for Lightweight Directory Access Protocol over SSL/TLS (LDAPS), providing encrypted communication for directory services. This secure version of LDAP is crucial for protecting sensitive authentication and directory information in enterprise environments, particularly in Active Directory implementations.

Organizations use this port to enable secure access to directory services for user authentication, group policies, and resource management. It’s essential for maintaining secure communication between directory clients and servers.

Common Risks

  • SSL/TLS Vulnerabilities:
    Weak encryption settings.
  • Authentication Bypass:
    LDAP binding issues.
  • Information Disclosure:
    Directory data leakage.
  • Credential Exposure:
    Through misconfiguration.
  • Denial of Service:
    Resource exhaustion.

Enumeration & Testing

Check if it’s open:

    nmap -sT -p 636 <target>

Test SSL/TLS:

    openssl s_client -connect <target>:636

Verify certificate:

    sslscan <target>:636

What to Look For

| Checkpoint | What it means |
| --- | --- |
| Weak SSL/TLS versions | Vulnerable to known cryptographic attacks |
| Self-signed certificates | Potential for man-in-the-middle attacks |
| Anonymous binds allowed | Unauthorized directory access possible |
| Missing access controls | Directory enumeration risks |

Mitigation

  • Strong Encryption:
    Use only current TLS versions (1.2+).
  • Valid Certificates:
    Implement properly signed SSL certificates.
  • Strict Authentication:
    Disable anonymous binds and require strong credentials.
  • Access Controls:
    Implement proper ACLs for directory objects.
  • Regular Updates:
    Keep LDAP server software and security patches current.

TL;DR

  • Port 636 = LDAPS (Secure LDAP)
  • Critical for directory services
  • Requires strong TLS configuration
  • Need proper access controls

Known CVEs and Exploits

  • CVE-2020-12142 – OpenLDAP LDAPS certificate validation bypass
  • CVE-2017-14491 – LDAP server buffer overflow via SSL connections
  • ldapsearch with SSL – LDAPS enumeration and testing tool