LDAP Injection
- Risk: High
- Type: Active
- CWE: CWE-90
- Summary
LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
- Solution
Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - " ' ; \ / NUL character
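The escaping step described above, as an added example that is not part of the original page or of any scanner's code. It follows RFC 4515 for search filter values and RFC 4514 for distinguished name values; the function names and sample values are assumptions made for illustration.

```python
# Added example: escaping untrusted input for LDAP filters (RFC 4515) and DNs (RFC 4514).
# Function names and sample values are hypothetical, constructed for illustration.

# RFC 4515: these characters must be written as \XX inside a filter assertion value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of a search filter."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value for use as an attribute value inside a distinguished name."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            # A leading '#' would otherwise be read as a hex-encoded value.
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):
            # Leading and trailing spaces are significant only when escaped.
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_login_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: input is concatenated straight into the filter.
    return "(&(uid=" + username + ")(objectClass=person))"


def build_login_filter(username: str) -> str:
    # Hardened pattern: every user-controlled value is escaped first.
    return "(&(uid=" + escape_filter_value(username) + ")(objectClass=person))"
```

Choose the escaping function by context: filter escaping does not protect a DN, and DN escaping does not protect a filter.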