Detections
Analytics
LDAP Injection Authentication Bypass
high Web App Scanning Plugin ID 113331
Language:
Synopsis
LDAP Injection Authentication BypassDescription
Lightweight Directory Access Protocol (LDAP) is used by web applications to access and maintain directory information services.One of the most common uses for LDAP is to provide a Single-Sign-On (SSO) service that will allow clients to authenticate with a web site without any interaction (assuming their credentials have been validated by the SSO provider).
LDAP injection occurs when untrusted data is used by the web application to query the LDAP directory without prior sanitisation.
This is a serious security risk, as it could allow cyber-criminals the ability to query, modify, or remove anything from the LDAP tree. It could also allow other advanced injection techniques that perform other more serious attacks.
Scanner was able to detect a page that is vulnerable to LDAP injection based on known error messages.
This injection was detected as scanner was able to bypass the authentication mechanism and access an authenticated page.
Solution
It is recommended that untrusted data is never used to form a LDAP query.To validate data, the application should ensure that the supplied value contains only the characters that are required to perform the required action. For example, where a username is required, then no non-alphanumeric characters should be accepted.
If this is not possible, special characters should be escaped so they are treated accordingly. The following characters should be escaped with a `\`:
* `&` * `!` * `|` * `=` * `<` * `>` * `,` * `+` * `-` * `'` * `'` * `;`
Additional character filtering must be applied to:
* `(` * `)` * `\` * `/` * `*` * `NULL`
These characters require ASCII escaping.
See Also
http://projects.webappsec.org/w/page/13246947/LDAP-Injection
Plugin Details
Severity: High
ID: 113331
Type: remote
Family: Injection
Published: 8/8/2022
Updated: 7/6/2023
Scan Template: pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 4.7
CVSS v2
Risk Factor: High
Base Score: 9
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 8.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Score Source: Tenable
CVSS v4
Risk Factor: High
Base Score: 7.2
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS Score Source: Tenable
Reference Information
CWE: 90
OWASP: 2010-A1, 2013-A1, 2017-A1, 2021-A3
WASC: LDAP Injection
CAPEC: 136
DISA STIG: APSC-DV-002560
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-SI-10
OWASP API: 2019-API8
OWASP ASVS: 4.0.2-5.3.7
PCI-DSS: 3.2-6.5.1