Merge pull request github#12693 from atorralba/atorralba/java/insecure-ldap-auth-tag

egregius313 · web-flow · commit e39318853f2a · 2023-03-28T14:56:56.000-04:00
Java: Fix InsecureLdapAuth tags
diff --git a/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -2,12 +2,11 @@
  * @name Insecure LDAP authentication
  * @description LDAP authentication with credentials sent in cleartext makes sensitive information vulnerable to remote attackers
  * @kind path-problem
- * @problem.severity warning
+ * @problem.severity error
  * @security-severity 8.8
- * @precision medium
+ * @precision high
  * @id java/insecure-ldap-auth
  * @tags security
- *       experimental
  *       external/cwe/cwe-522
  *       external/cwe/cwe-319
  */
