Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
| Property | |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input from an HttpServletRequest is being used directly in an LDAP query without proper sanitization. This allows attackers to inject malicious LDAP statements by manipulating request parameters.
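
An added example, not part of this rule's own documentation, showing the flagged pattern next to two fixes: RFC 4515 escaping of the value, and a JNDI filter with an argument placeholder. The class name, the `person`/`uid` filter and the sample input are assumptions; the `user` string stands in for a value read with `request.getParameter(...)`.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapFilterExample {

    // Flagged pattern: the request value becomes part of the filter syntax.
    static String unsafeFilter(String user) {
        return "(&(objectClass=person)(uid=" + user + "))";
    }

    // RFC 4515 escaping for a value placed inside a search filter.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Fix 1: escape the value before concatenating it into the filter.
    static String safeFilter(String user) {
        return "(&(objectClass=person)(uid=" + escapeFilterValue(user) + "))";
    }

    // Fix 2 (preferred with JNDI): pass the value as filter argument {0},
    // so the provider encodes it as a literal instead of filter syntax.
    static NamingEnumeration<SearchResult> findUser(DirContext ctx, String baseDn, String user)
            throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        return ctx.search(baseDn, "(&(objectClass=person)(uid={0}))",
                new Object[] { user }, controls);
    }

    public static void main(String[] args) {
        String user = "*)(uid=*"; // constructed sample input containing filter metacharacters
        System.out.println("unsafe: " + unsafeFilter(user)); // metacharacters alter the filter
        System.out.println("safe:   " + safeFilter(user));   // metacharacters stay inside the value
    }
}
```

Distinguished names need different escaping (RFC 4514) than search filters, so `escapeFilterValue` should not be reused for values placed in a DN.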
Impact
If exploited, an attacker could modify, access, or delete sensitive records in the LDAP directory, potentially bypassing authentication, escalating privileges, or disrupting application functionality. This threatens data integrity and security across your system.