LDAP Injection vulnerabilities may allow attackers to bypass authentication controls and access or manipulate arbitrary data within the LDAP directory.
To prevent LDAP Injection, validate and/or escape all user inputs before incorporating them into LDAP queries. Specifically, deny list the following characters or combinations: & | ! < > = ~= >= <= * ( ) , + - " ' ; \ / NUL character.
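Escaping depends on where the input lands: search filter values follow RFC 4515, while attribute values inside a distinguished name follow RFC 4514. The following is an added example, not code from the original page; the function names, the `uid` attribute and the `objectClass=person` filter are assumptions chosen for illustration.

```python
# Added example: context-specific LDAP escaping. Function names, the uid
# attribute and objectClass=person are assumptions, not from the page.

FILTER_SPECIALS = '\\*()\x00'      # RFC 4515: must be hex-escaped in a filter value
DN_SPECIALS = '",+;<>\\'           # RFC 4514: must be backslash-escaped in a DN value


def escape_filter_value(value: str) -> str:
    """Escape user input for the value part of a search filter, e.g. (uid=VALUE)."""
    return ''.join(
        '\\%02x' % ord(ch) if ch in FILTER_SPECIALS else ch
        for ch in value
    )


def escape_dn_value(value: str) -> str:
    """Escape user input for an attribute value inside a DN, e.g. cn=VALUE,ou=people."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in DN_SPECIALS:
            out.append('\\' + ch)
        elif (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)   # leading space/'#' and trailing space
        else:
            out.append(ch)
    return ''.join(out)


def build_user_filter(username: str) -> str:
    """Build a lookup filter in which the username can only ever be a literal."""
    return '(&(objectClass=person)(uid=%s))' % escape_filter_value(username)


if __name__ == '__main__':
    # Constructed inputs: metacharacters that would change the query if unescaped.
    for sample in ['jdoe', '*)(uid=*', 'a\\b']:
        print(repr(sample), '->', build_user_filter(sample))
    print(escape_dn_value(' Smith, J+R '))
```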