
LDAP Injection

What is LDAP Injection

LDAP Injection occurs when remote attacker input can reach LDAP queries, changing the query to return different (or more) results.

When can LDAP Injection affect my application

LDAP Injection occurs in applications that directly query LDAP systems, most often for user lookup or authentication. When remote input can change the LDAP query, attackers can often gain access to more objects within the LDAP directory.

How do I know if/where my application has an LDAP Injection vulnerability

Contrast Assess can monitor applications as they are tested to detect LDAP Injection vulnerabilities.

How do I fix LDAP Injection

LDAP Injection is most often fixed by creating an allow-list of characters and ensuring proper escaping. Most APIs do not provide parameterized LDAP queries.
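As an added example (not Contrast's code), the following Python helpers apply both defences described above: an allow-list check on the username and RFC 4515 escaping of the value placed into the search filter. The function names and the allow-list pattern are assumptions for illustration.

```python
import re

# RFC 4515 section 3: each filter metacharacter becomes a backslash
# followed by its two-digit hex code. Mapping per character means the
# backslash itself is escaped exactly once.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters escaped (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Assumed allow-list for a login form's username field:
# letters, digits, dot, underscore, hyphen, 1 to 64 characters.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_allowed_username(username: str) -> bool:
    """True only if the whole string matches the allow-list pattern."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_user_filter_unsafe(username: str) -> str:
    """Vulnerable form: raw input concatenated into the filter string."""
    return "(&(objectClass=person)(uid=" + username + "))"


def build_user_filter(username: str) -> str:
    """Hardened form: reject input outside the allow-list, then escape it.

    Escaping is still applied even though the allow-list already excludes
    the metacharacters, so the filter stays safe if the allow-list is
    later relaxed.
    """
    if not is_allowed_username(username):
        raise ValueError("username contains characters outside the allow-list")
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"
```

The same escaping rules apply to any value interpolated into a filter, not just usernames; values placed into a distinguished name need the separate DN escaping rules of RFC 4514.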

How do people attack LDAP Injection flaws

Attackers often look for signs that an input reaches an LDAP query and then add additional characters to change which records the query returns.