CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Nome: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Informações Gerais
Modos de Introdução
Implementation : REALIZATION: This weakness is caused during implementation of an architectural security tactic.Plataformas Aplicáveis
Linguagem
Class: Not Language-Specific (Undetermined)Tecnologias
Name: Database Server (Undetermined)Consequências Comuns
| Escopo | Impacto | Probabilidade |
|---|---|---|
| Confidentiality Integrity Availability | Execute Unauthorized Code or Commands, Read Application Data, Modify Application Data Note: An attacker could include input that changes the LDAP query which allows unintended commands or code to be executed, allows sensitive data to be read or modified or causes other unintended behavior. |
Exemplos Observados
| Referências | Descrição |
|---|---|
CVE-2021-41232 | Chain: authentication routine in Go-based agile development product does not escape user name (CWE-116), allowing LDAP injection (CWE-90) |
CVE-2005-2301 | Server does not properly escape LDAP queries, which allows remote attackers to cause a DoS and possibly conduct an LDAP injection attack. |
Mitigações Potenciais
Phases : ImplementationMétodos de Detecção
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Eficácia : High
Notas de Mapeamento de Vulnerabilidade
Justificativa : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comentário : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Padrões de Ataque Relacionados
| CAPEC-ID | Nome do Padrão de Ataque |
|---|---|
| CAPEC-136 | LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value. |
Notas
Factors: resultant to special character mismanagement, MAID, or denylist/allowlist problems. Can be primary to authentication and verification errors.Referências
REF-879
Web Applications and LDAP InjectionSPI Dynamics.
Submissão
| Nome | Organização | Data | Data de lançamento | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modificações
| Nome | Organização | Data | Comentário |
|---|---|---|---|
| Sean Eidemiller | Cigital | added/updated demonstrative examples | |
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Name | |
| CWE Content Team | MITRE | updated Other_Notes, Relationship_Notes | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Modes_of_Introduction, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations, Relationship_Notes | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Research_Gaps | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Detection_Factors, Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Relationships, Weakness_Ordinalities |
