LDAP Injection Attack

From Guidance Share

Jump to: navigation, search

Contents

Description

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing information directories. LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first stripping potentially harmful characters from the request. The objective of this paper is to inform developers, system administrators and security professionals about various techniques that could be used to attack their applications. It also describes preventive measures for protecting applications from these intrusions.


Vulnerabilities

  • Building dynamic LDAP queries using untrusted input


Countermeasures

  • Untrusted input should be validated against an inclusion list before use (e.g., RegEx pattern, primitive type casting, domain constraint, etc.)


Additional Resources

Personal tools