Can an LDAPS-enabled application capture the credentials?

Hello,
We were once using an application that used LDAP to authenticate against an Active Directory. When looking through the database of this application, I had found that it was capturing authenticated users AD credentials in plain text! If LDAPS was used (instead of LDAP), would they still be able to capture these credentials?
Also, I take it capturing credentials would be harder with Azure authentication, since the login screen shoves itself in front of the application, rather than the application itself passing through the credentials?

Many Thanks.

Touch here for the full post on Network Security Noblemen tumblr

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s