CWE-90
AllowedImproper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
114 vulnerabilities reference this CWE, most recent first.
GHSA-CMM2-4Q45-JPGH
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-05-23 18:30MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
{
"affected": [],
"aliases": [
"CVE-2018-5730"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-06T20:29:00Z",
"severity": "MODERATE"
},
"details": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.",
"id": "GHSA-cmm2-4q45-jpgh",
"modified": "2024-05-23T18:30:52Z",
"published": "2022-05-13T01:02:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5730"
},
{
"type": "WEB",
"url": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3071"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1042071"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CQH3-JG8P-336J
Vulnerability from github – Published: 2026-05-26 23:39 – Updated: 2026-06-11 14:05Summary
An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.
Root Cause
File: yamcs-core/src/main/java/org/yamcs/security/LdapAuthModule.java:233
The username parameter is inserted directly into an LDAP search filter without RFC 4515 escaping:
// VULNERABLE
var filter = userFilter.replace("{0}", username);
var searchResult = getSingleResult(ctx, userBase, filter, controls);
LDAP wildcard characters (*, (, )) are accepted without sanitization.
Impact
With a known valid password, username=* authenticates as the first user returned by the LDAP search — enabling horizontal privilege escalation between accounts sharing similar passwords or when the attacker knows one valid password.
This affects deployments that use org.yamcs.security.LdapAuthModule in their etc/security.yaml configuration file.
Proof of Concept
curl -X POST "http://TARGET:8090/auth/token" \
-d "grant_type=password&username=*&password=known_password"
# Returns token for first matching LDAP user
Fix
Apply RFC 4515 escaping before filter construction:
private static String escapeLdapFilter(String input) {
return input
.replace("\\", "\\5c")
.replace("*", "\\2a")
.replace("(", "\\28")
.replace(")", "\\29")
.replace("\0", "\\00");
}
var filter = userFilter.replace("{0}", escapeLdapFilter(username));
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.yamcs:yamcs-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.12.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42568"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-26T23:39:55Z",
"nvd_published_at": "2026-06-10T23:16:46Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nAn LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.\n\n### Root Cause\n\n**File:** `yamcs-core/src/main/java/org/yamcs/security/LdapAuthModule.java:233`\n\nThe `username` parameter is inserted directly into an LDAP search filter without RFC 4515 escaping:\n\n```java\n// VULNERABLE\nvar filter = userFilter.replace(\"{0}\", username);\nvar searchResult = getSingleResult(ctx, userBase, filter, controls);\n```\n\nLDAP wildcard characters (`*`, `(`, `)`) are accepted without sanitization.\n\n### Impact\n\nWith a known valid password, `username=*` authenticates as the first user returned by the LDAP search \u2014 enabling horizontal privilege escalation between accounts sharing similar passwords or when the attacker knows one valid password.\n\nThis affects deployments that use `org.yamcs.security.LdapAuthModule` in their `etc/security.yaml` configuration file.\n\n### Proof of Concept\n\n```bash\ncurl -X POST \"http://TARGET:8090/auth/token\" \\\n -d \"grant_type=password\u0026username=*\u0026password=known_password\"\n# Returns token for first matching LDAP user\n```\n\n### Fix\n\nApply RFC 4515 escaping before filter construction:\n\n```java\nprivate static String escapeLdapFilter(String input) {\n return input\n .replace(\"\\\\\", \"\\\\5c\")\n .replace(\"*\", \"\\\\2a\")\n .replace(\"(\", \"\\\\28\")\n .replace(\")\", \"\\\\29\")\n .replace(\"\\0\", \"\\\\00\");\n}\nvar filter = userFilter.replace(\"{0}\", escapeLdapFilter(username));\n```",
"id": "GHSA-cqh3-jg8p-336j",
"modified": "2026-06-11T14:05:22Z",
"published": "2026-05-26T23:39:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42568"
},
{
"type": "PACKAGE",
"url": "https://github.com/yamcs/yamcs"
},
{
"type": "WEB",
"url": "https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7"
},
{
"type": "WEB",
"url": "https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Yamcs Vulnerable to LDAP Injection in LdapAuthModule"
}
GHSA-CVF4-F829-762V
Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-13 23:10pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.9"
},
"package": {
"ecosystem": "PyPI",
"name": "pgadmin4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-12764"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-13T23:10:38Z",
"nvd_published_at": "2025-11-13T13:15:44Z",
"severity": "HIGH"
},
"details": "pgAdmin \u003c= 9.9\u00a0is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data DOS.",
"id": "GHSA-cvf4-f829-762v",
"modified": "2025-11-13T23:10:39Z",
"published": "2025-11-13T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12764"
},
{
"type": "WEB",
"url": "https://github.com/pgadmin-org/pgadmin4/issues/9325"
},
{
"type": "WEB",
"url": "https://github.com/pgadmin-org/pgadmin4/commit/09d2b7eeb0e330df73b1aef0cba57788fde52b6b"
},
{
"type": "PACKAGE",
"url": "https://github.com/pgadmin-org/pgadmin4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "pgAdmin is affected by an LDAP injection vulnerability"
}
GHSA-F786-73F3-CVMC
Vulnerability from github – Published: 2023-12-18 00:30 – Updated: 2023-12-18 00:30A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2023-6905"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-18T00:15:11Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test\u0026id=1 of the component Bind Request Handler. The manipulation leads to ldap injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-248267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-f786-73f3-cvmc",
"modified": "2023-12-18T00:30:23Z",
"published": "2023-12-18T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6905"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.248267"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.248267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G283-W6FP-C4FC
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-06-30 16:59Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-providers-fab"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-46745"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-30T16:59:52Z",
"nvd_published_at": "2026-05-25T11:16:18Z",
"severity": "MODERATE"
},
"details": "Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.",
"id": "GHSA-g283-w6fp-c4fc",
"modified": "2026-06-30T16:59:52Z",
"published": "2026-05-26T13:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46745"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/66417"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/3f7756bea71a7c7988511ec0557314ffb15fbe5e"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/dvfy0bs181xwsrjrd3y5c55ztbzm8yhh"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/24/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability"
}
GHSA-GMRW-VH4Q-4FVV
Vulnerability from github – Published: 2026-02-08 00:30 – Updated: 2026-02-11 00:30WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.
{
"affected": [],
"aliases": [
"CVE-2026-25560"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-07T22:16:01Z",
"severity": "HIGH"
},
"details": "WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.",
"id": "GHSA-gmrw-vh4q-4fvv",
"modified": "2026-02-11T00:30:14Z",
"published": "2026-02-08T00:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25560"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/commit/0b0e16c3eae28bbf453d33a81a9c58ce7db6d5bb"
},
{
"type": "WEB",
"url": "https://wekan.fi"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/wekan-ldap-authentication-filter-injection"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GX55-P8G7-P3FH
Vulnerability from github – Published: 2026-06-24 15:31 – Updated: 2026-06-24 15:31Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.
{
"affected": [],
"aliases": [
"CVE-2026-57288"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-24T14:17:35Z",
"severity": "LOW"
},
"details": "Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI) authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a matching user whose password they know without knowing their exact user name.",
"id": "GHSA-gx55-p8g7-p3fh",
"modified": "2026-06-24T15:31:47Z",
"published": "2026-06-24T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57288"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3651"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H47X-56Q8-MW44
Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-05-21 09:32An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.
{
"affected": [],
"aliases": [
"CVE-2026-44063"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T08:16:21Z",
"severity": "MODERATE"
},
"details": "An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.",
"id": "GHSA-h47x-56q8-mw44",
"modified": "2026-05-21T09:32:10Z",
"published": "2026-05-21T09:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44063"
},
{
"type": "WEB",
"url": "https://netatalk.io/security/CVE-2026-44063"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H54R-MF9P-GJ9P
Vulnerability from github – Published: 2024-01-12 21:30 – Updated: 2024-01-12 21:30NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-31025"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T19:15:09Z",
"severity": "MODERATE"
},
"details": "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.",
"id": "GHSA-h54r-mf9p-gj9p",
"modified": "2024-01-12T21:30:19Z",
"published": "2024-01-12T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31025"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P4FH-PF6M-QQ74
Vulnerability from github – Published: 2023-01-07 18:30 – Updated: 2023-01-12 21:30A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2015-10027"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-90"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-07T17:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.",
"id": "GHSA-p4fh-pf6m-qq74",
"modified": "2023-01-12T21:30:29Z",
"published": "2023-01-07T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-10027"
},
{
"type": "WEB",
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/pull/14"
},
{
"type": "WEB",
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/commit/a7f7a5a82d9202a5c40d606a5c519ba61b224eb8"
},
{
"type": "WEB",
"url": "https://github.com/hydrian/TTRSS-Auth-LDAP/releases/tag/2.0b1"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.217622"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.217622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.