logo

LDAP Injection

  • Risk:
  • High

  • Type:
  • Active
Summary

LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.

Solution

Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - " ' ; \ / NUL character

References

http://www.testingsecurity.com/how-to-test/injection-vulnerabilities/LDAP-Injection

https://owasp.org/www-community/attacks/LDAP_Injection

Free security scan for your website