LDAP Injection

Jan 15, 2012 By Administrator

LDAP Injection (CWE-90) is an attack that lets an attacker modify the LDAP queries an application builds from untrusted input.

Recently, I encountered a nice LDAP Injection – and I started asking myself why we hear so little about such vulnerabilities.
I would expect the opposite.

This attack method is less well known to developers than SQL Injection and XSS, and development platforms rarely supply methods for avoiding it, so if the application at hand has LDAP access it is not unlikely to be vulnerable to this kind of injection.

I know – many times it is hard to find this and even harder to exploit, which is why these vulnerabilities are often left uncovered by pen-testers and code reviewers – but I think it is worth the effort, as a successful attack may lead to a complete system compromise.

What is your best practice to avoid LDAP injections in your development platform? How do you test for the existence of it in an application?

———————————————————–
Here's some Java code I found that seems to be vulnerable. Is that so? How? Why/Why not?
How would you do it better?

// Assume that var1 and var3 are predefined consts,
// and var2 is assigned a value fully controllable by the user

import java.util.Hashtable;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, String> env = new Hashtable<>();
// var2 is concatenated straight into the bind DN, so DN metacharacters in it are interpreted
env.put(javax.naming.Context.SECURITY_PRINCIPAL,
    var1 + "=" + var2 + "," + var3);
DirContext ctx = new InitialDirContext(env);
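As an added example (not code from the original post) of how that snippet could be hardened: escape the user-controlled var2 per RFC 4514 before it goes into the bind DN, and escape any value per RFC 4515 before it goes into a search filter. The class name, ATTR and BASE are assumptions standing in for var1 and var3.

```java
import java.util.Hashtable;
import javax.naming.Context;
public final class LdapEscape {
    // Hypothetical stand-ins for the post's predefined consts var1 and var3.
    private static final String ATTR = "uid";
    private static final String BASE = "ou=people,dc=example,dc=com";
    /** Escape one attribute value for use inside a DN (RFC 4514, section 2.4). */
    public static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case ',': case '+': case '"': case '\\': case '<': case '>': case ';': case '=':
                    sb.append('\\').append(c); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        // A leading '#' or space and a trailing space must also be escaped.
        if (value.startsWith("#") || value.startsWith(" ")) sb.insert(0, '\\');
        if (value.length() > 1 && value.endsWith(" ")) sb.insert(sb.length() - 1, '\\');
        return sb.toString();
    }
    /** Escape one value for use inside a search filter (RFC 4515, section 3). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\\': sb.append("\\5c"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    /** The bind DN from the post's snippet, with the user-controlled part (var2) escaped. */
    public static String bindDn(String userPart) {
        return ATTR + "=" + escapeDnValue(userPart) + "," + BASE;
    }
    public static void main(String[] args) {
        String input = "alice,ou=admins"; // constructed value containing a DN separator
        System.out.println("escaped bind DN: " + bindDn(input));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.SECURITY_PRINCIPAL, bindDn(input)); // safe to hand to InitialDirContext
    }
}
```

The JDK already provides javax.naming.ldap.Rdn.escapeValue for the DN case; the hand-written version is shown only to make the escaping rules visible. Better still is to keep user input out of the DN entirely: look the account up with an escaped search filter and bind with the DN the directory returns.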


  • Satya

    please finish the entire blog
