Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
User-controlled or variable data is being directly inserted into LDAP queries without proper validation or sanitization. This allows attackers to manipulate LDAP statements by injecting malicious input.
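
The concatenation pattern described above, next to a hardened form that escapes the characters RFC 4515 reserves in a filter value. This is an added example, not code from the original rule page; the class name, the `uid` attribute, the 64-character limit, and the sample inputs are constructed for illustration.

```java
import java.util.List;

public class LdapFilterExample {              // hypothetical class name

    // Flagged pattern: input is concatenated straight into the filter.
    static String unsafeFilter(String uid) {
        return "(&(objectClass=person)(uid=" + uid + "))";
    }

    // Escape the characters RFC 4515 reserves inside a filter value.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened form: reject empty or oversized input, then escape.
    static String safeFilter(String uid) {
        if (uid == null || uid.isEmpty() || uid.length() > 64) {
            throw new IllegalArgumentException("invalid uid");
        }
        return "(&(objectClass=person)(uid=" + escapeFilterValue(uid) + "))";
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal value, a wildcard, and one that closes the clause.
        for (String in : List.of("jsmith", "*", "jsmith)(cn=*")) {
            System.out.println("input : " + in);
            System.out.println("unsafe: " + unsafeFilter(in));
            System.out.println("safe  : " + safeFilter(in));
        }
    }
}
```

With JNDI, the `DirContext.search` overload that takes a `filterExpr` with `{0}` placeholders and a `filterArgs` array encodes the arguments for you; values placed in a distinguished name need RFC 4514 escaping instead.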
Impact
If exploited, attackers could bypass authentication, access unauthorized data, or modify directory information. This can lead to data breaches, privilege escalation, or compromise of sensitive application resources.