LDAP Injection
- Risk:
High
- Type:
- Active
- CWE:
- 90
- Summary
- LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
- Solution
- Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed: & | ! < > = ~= >= <= * ( ) , + - " ' ; \ / NUL character