Lightweight Directory Access Protocol (LDAP) injection is an attack against web applications that build LDAP queries from user input, most often in the authentication process. An LDAP directory stores information as objects, including people, servers, printers and roles. When the directory is used for a web application's authentication, the attacker enters crafted text into a user input field such as the username. If the application does not sanitise that input before placing it in an LDAP statement, the attacker can alter the statement, for example by editing the request in an intercepting proxy, and gain unauthorised access to the directory, including the ability to view and change usernames and passwords. LDAP injection is similar to SQL injection: both are possible because user input reaches the query unsanitised. The outcome is the execution of attacker-controlled queries that return data the user is not authorised to see or modify content inside the LDAP tree.
An application is exploitable through LDAP injection because of the following factors:
LDAP injection can be used to access information about users, their roles, their permissions and more. Disclosure of this information can have severe consequences for the application and for the server hosting the directory.
Beagle recommends the following fixes: