What is LDAP injection?

Answer

LDAP injection occurs when user input is unsafely embedded into an LDAP query, allowing attackers to manipulate the query to bypass authentication or extract unauthorized directory data.

Example: an authentication query (&(uid=USER)(password=PASS)). If the attacker enters *)(& as the user, the query becomes (&(uid=*)(&)(password=...)), which returns the first user regardless of password.

LDAP injection is analogous to SQL injection but for LDAP directory services (Active Directory, OpenLDAP).

Prevention:
(1) Parameterized LDAP queries (use the LDAP library's escaping functions).
(2) Input validation: whitelist allowed characters in username/search fields.
(3) Escape special LDAP characters: (, ), *, \, NUL.
(4) Least privilege: the LDAP service account should have minimal read permissions.
(5) Disable anonymous LDAP access.