
LDAP injection

Description

The system builds LDAP queries by concatenating untrusted data into the filter string, so an attacker can change the structure of the query rather than just the value being matched.

Impact

Inject LDAP filter fragments that alter the query and extract sensitive directory information without authorization.

Recommendation

  • Avoid using untrusted data to build dynamic LDAP filters. Where a value must come from user input, validate it against an allow-list on the server and escape the RFC 4515 filter metacharacters (`(`, `)`, `*`, `\`, NUL) before inserting it.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⌚ 45 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: A
  • Attack complexity: H
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: P
  • Remediation level: O
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:X
  • Score:
    • Base: 4.2
    • Temporal: 3.8
  • Severity:
    • Base: Medium
    • Temporal: Low

Code Examples

Compliant code

Perform server-side validation (and escaping) of all inputs before building LDAP filters

using System;
using System.DirectoryServices;
using System.Text.RegularExpressions;

public partial class WebForm : System.Web.UI.Page{
  protected void Page_Load(object sender, EventArgs e){
    string userName = Request.Params["user"];

    // Allow-list validation plus escaping before the value reaches the filter
    string userNameVerified = CleanUserName(userName);
    if (userNameVerified == null){ Response.StatusCode = 400; return; }
    string filter = "(uid=" + userNameVerified + ")";

    DirectorySearcher searcher = new DirectorySearcher(filter);
    SearchResultCollection results = searcher.FindAll();
  }

  // Returns null unless the value is a plausible uid; otherwise returns it with the
  // RFC 4515 filter metacharacters ( ) * \ and NUL escaped as \XX (defense in depth)
  private static string CleanUserName(string value){
    if (string.IsNullOrEmpty(value) || !Regex.IsMatch(value, @"^[A-Za-z0-9._-]{1,64}$")) return null;
    return value.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
                .Replace(")", @"\29").Replace("\0", @"\00");
  }
}

Non compliant code

The application concatenates untrusted user input directly into the LDAP filter

using System;
using System.DirectoryServices;

public partial class WebForm : System.Web.UI.Page{
  protected void Page_Load(object sender, EventArgs e){
    // The raw parameter goes straight into the filter: a value such as *)(objectClass=*
    // changes the structure of the query instead of being matched literally
    string userName = Request.Params["user"];
    string filter = "(uid=" + userName + ")";

    DirectorySearcher searcher = new DirectorySearcher(filter);
    SearchResultCollection results = searcher.FindAll();
  }
}
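The two C# snippets above show the fix but not why the concatenated version fails. The following Python example, added here and not part of the original page or of the project it documents, makes the structural change visible: it extends the page's single `(uid=...)` filter to the common login template `(&(uid=...)(userPassword=...))`, builds it both with raw concatenation and with RFC 4515 escaping, and runs a minimal filter parser over the result to show which assertions a server would actually evaluate. `PAYLOAD` is a constructed attack input, `_UID_RE` is an assumed allow-list for this example (adjust it to the directory schema), and `parse_filter` handles only the AND, OR, NOT and `attr=value` subset of the filter grammar, which is enough for this demonstration.

```python
import re
from typing import Optional

# RFC 4515 section 3: these characters must appear as \XX inside an assertion value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Allow-list for a uid: an assumption for this example, adjust to the directory's schema
_UID_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

# Constructed attack input: closes the uid assertion, adds an always-true one,
# closes the AND, then opens an OR that swallows the rest of the template
PAYLOAD = "*)(uid=*))(|(uid=*"


def escape_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def validate_uid(value: str) -> Optional[str]:
    """Return the value if it matches the allow-list, else None (reject the request)."""
    return value if _UID_RE.fullmatch(value) else None


def build_login_filter_unsafe(uid: str, password: str) -> str:
    """Non compliant: raw concatenation, like the page's non compliant example."""
    return f"(&(uid={uid})(userPassword={password}))"


def build_login_filter_safe(uid: str, password: str) -> str:
    """Compliant: every untrusted value is escaped before it enters the filter."""
    return f"(&(uid={escape_filter_value(uid)})(userPassword={escape_filter_value(password)}))"


def parse_filter(text: str):
    """Parse one RFC 4515 filter (AND, OR, NOT and attr=value items only) from the
    start of text. Returns (tree, rest); rest is whatever trails the first complete
    filter. Trees are ('&'|'|', [children]), ('!', child) or ('=', attr, value)."""
    tree, pos = _parse(text, 0)
    return tree, text[pos:]


def _parse(text: str, pos: int):
    if pos >= len(text) or text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos] if pos < len(text) else ""
    if op in ("&", "|"):
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, pos = _parse(text, pos + 1)
        node = ("!", child)
    else:
        # Inside a value ')' must be escaped as \29, so the first ')' ends the item
        end = text.find(")", pos)
        if end == -1:
            raise ValueError("unterminated item")
        attr, sep, value = text[pos:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed item at offset {pos}")
        node = ("=", attr, value)
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1


def password_check_enforced(filter_text: str) -> bool:
    """True only if the first complete filter is an AND that still asserts userPassword
    and nothing trails it. A server that evaluates the first complete filter and
    tolerates trailing input would otherwise authenticate on uid alone."""
    tree, rest = parse_filter(filter_text)
    if rest:
        return False
    return tree[0] == "&" and any(
        child[0] == "=" and child[1] == "userPassword" for child in tree[1]
    )


if __name__ == "__main__":
    for label, build in (("unsafe", build_login_filter_unsafe), ("safe", build_login_filter_safe)):
        f = build(PAYLOAD, "wrong-password")
        tree, rest = parse_filter(f)
        print(f"{label}: {f}\n  first filter: {tree}\n  trailing: {rest!r}\n"
              f"  password check enforced: {password_check_enforced(f)}")
    print("allow-list accepts payload:", validate_uid(PAYLOAD) is not None)
```

With the payload, the unsafe template becomes `(&(uid=*)(uid=*))(|(uid=*)(userPassword=wrong-password))`: the first complete filter matches every entry and the password assertion is left in trailing text the parser never reaches. The escaped version keeps one filter whose uid value is the literal string `\2a\29\28uid=\2a\29\29\28|\28uid=\2a`, which matches no entry, and the allow-list rejects the payload before any filter is built at all.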

Requirements