CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Nome: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
General Informations
Modes Of Introduction
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.Piattaforme applicabili
Linguaggio
Class: Not Language-Specific (Undetermined)Tecnologie
Name: Database Server (Undetermined)Conseguenze comuni
| Ambito | Impatto | Probabilità |
|---|---|---|
| Confidentiality Integrity Availability | Execute Unauthorized Code or Commands, Read Application Data, Modify Application Data Note: An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior. |
Esempi osservati
| Riferimenti | Descrizione |
|---|---|
CVE-2021-41232 | Chain: authentication routine in Go-based agile development product does not escape user name (CWE-116), allowing LDAP injection (CWE-90) |
CVE-2005-2301 | Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack. |
Potential Mitigations
Phases : ImplementationDetection Methods
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Effectiveness : High
Note sulla mappatura delle vulnerabilità
Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Pattern di attacco correlati
| CAPEC-ID | Nome del pattern di attacco |
|---|---|
| CAPEC-136 | LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value. |
Note
Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.Riferimenti
REF-879
Web Applications and LDAP InjectionSPI Dynamics.
Invio
| Nome | Organizzazione | Data | Data di rilascio | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| Sean Eidemiller | Cigital | added/updated demonstrative examples | |
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Name | |
| CWE Content Team | MITRE | updated Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations, Relationship_Notes | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Research_Gaps | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Detection_Factors, Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships, Weakness_Ordinalities |
