LDAP injection

Description

The system builds LDAP queries using untrusted data that could modify the query.

Impact

Inject LDAP statements to extract sensitive information without authorization.

Recommendation

• Avoid using untrusted data to generate dynamic LDAP queries.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⌚ 45 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

• Attack vector: A
• Attack complexity: H
• Privileges required: N
• User interaction: N
• Scope: U
• Confidentiality: L
• Integrity: L
• Availability: N

Temporal

• Exploit code madurity: P
• Remediation level: O
• Report confidence: X

Result

• Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X
• Score:
  • Base: 4.2
  • Temporal: 3.8
• Severity:
  • Base: Medium
  • Temporal: Low

Code Examples

Compliant code

Perform server side validation of all inputs before making LDAP sentences

using System;
using System.DirectoryServices;

public partial class WebForm : System.Web.UI.Page{
  protected void Page_Load(object sender, EventArgs e){
    string userName = Request.Params["user"];

    userNameVerified = cleanUserName(userName);
    string filter = "(uid=" + userNameVerified + ")";

    DirectorySearcher searcher = new DirectorySearcher(filter);
    SearchResultCollection results = searcher.FindAll();
  }
}

Non compliant code

The application uses dynamic user inputs to make LDAP sentences

using System;
using System.DirectoryServices;

public partial class WebForm : System.Web.UI.Page{
  protected void Page_Load(object sender, EventArgs e){
    string userName = Request.Params["user"];
    string filter = "(uid=" + userName + ")";

    DirectorySearcher searcher = new DirectorySearcher(filter);
    SearchResultCollection results = searcher.FindAll();
  }
}

Requirements

• 173. Discard unsafe inputs